14603 matches found
WP-DownloadManager 1.60 - Script Insertion CSRF
The wp-download-manager WordPress plugin was affected by a Script Insertion CSRF security vulnerability...
scorerender <= 0.3.4 - XSS in ZeroClipboard
The scorerender WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS
The Marekkis Watermark-Plugin WordPress plugin was affected by a wp-admin/options-general.php pfad Parameter XSS security vulnerability...
Video Lead Form - "errMsg" Cross-Site Scripting
The Video Lead Form WordPress plugin was affected by a "errMsg" Cross-Site Scripting security vulnerability...
WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
The WP Super Cache WordPress plugin was affected by a trunk/plugins/awaitingmoderation.php URI XSS security vulnerability...
WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
The WP Super Cache WordPress plugin was affected by a trunk/plugins/domain-mapping.php URI XSS security vulnerability...
WP Forum Server <= 1.7.3 - fs-admin/wpf-add-forum.php groupid Parameter XSS
The WP Forum Server WordPress plugin was affected by a fs-admin/wpf-add-forum.php groupid Parameter XSS security vulnerability...
WP Cron DashBoard <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
The WP-Cron Dashboard WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...
Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
...
Count Per Day <= 3.2.5 - daytoshow Parameter XSS
The Count per Day WordPress plugin was affected by a daytoshow Parameter XSS security vulnerability...
LatePoint <= 4.9.91 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...
Greenshift – animation and page builder blocks < 8.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social share block in all versions up to, and including, 8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes...
Easy WP SMTP by SendLayer < 2.3.1 - Exposure of Sensitive Information via the UI
Description The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This make...
Events Addon for Elementor < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter
Description The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headingtag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Custom Fonts – Host Your Fonts Locally < 2.1.5 - Author+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level or higher, to inject arbitrary web scripts in pages that will execute whenever ...
Country State City Dropdown CF7 < 2.7.3 - Unauthenticated SQL Injection
Description The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Salient Shortcodes < 1.5.4 - Authenticated (Contributor+) Local File Inclusion via Shortcode
Description The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...
Gold Addons for Elementor < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Gold Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Form Maker by 10Web < 1.15.25 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it...
Stockholm Core < 2.4.2 - Authenticated (Contributor+) Local File Inclusion
Description The stockholm-core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the...
Anti-Malware Security and Brute-Force Firewall < 4.23.56 - Unauthenticated Remote Code Execution
Description The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.21.96 due to weak nonce generation combined with missing authorization. This makes it possible for unauthenticated attackers to brute...
ProfileGrid < 5.7.2 - Authenticated (Contributor+) SQL Injection
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery < 1.5.4 - Missing Authorization
Description The Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxvideogallery function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, wi...
Embed Google Fonts <= 3.1.0 - Missing Authorization
Description The Embed Google Fonts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Car Dealer < 4.16 - Admin+ Content Injection
Description The Car Dealer Dealership and Vehicle sales plugin for WordPress is vulnerable to unauthorized content injection due to insufficient input validation in all versions up to, and including, 4.15. This makes it possible for authenticated attackers, with administrator-level access and...
ElementsKit Elementor addons 3.0.7 - 3.1.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
XStore Core <= 5.3.5 - Reflected Cross-Site Scripting
Description The XStore Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Barcode Scanner with Inventory & Order Manager < 1.5.4 - Unauthenticated Privilege Escalation
Description The Barcode Scanner and Inventory manager. POS Point of Sale – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.3. This is due to the plugin not properly restricting user meta values...
Frontend Dashboard < 2.2.4 -
Description The Frontend Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive data...
Tutor LMS < 2.7.0 - Missing Authorization to Unauthenticated Limited Options Update
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hidenotices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers ...
Mailster < 4.0.7 - Unauthenticated Local File Inclusion
Description The Mailster - Email Newsletter Plugin for WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.6. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
Active Products Tables for WooCommerce < 1.0.6.3 - Missing Authorization
Description The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getsmth function in all versions up to, and including, 1.0.6.2. This makes it possib...
Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Add the following shortcode to a post: sulightbox src='123"onmouseover="alert1"'Cli...
Wp Ultimate Review < 2.3.0 - Missing Authorization
Description The Wp Ultimate Review plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wurmetaboxcontentsave function in versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to leave reviews on password...
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possib...
Login with phone number < 1.6.94 - Cross-Site Request Forgery
Description The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.93. This is due to missing or incorrect nonce validation on the lwpforgotpassword and lwpupdatepasswordaction functions. This makes it possible for...
EleForms – All In One Form Integration including DB for Elementor < 2.9.9.8 - Missing Authorization to Sensitive Information Exposure
Description The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for...
WPBakery Visual Composer < 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute
Description The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
Masteriyo - LMS < 1.7.3 - Unauthenticated Privilege Escalation
Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated...
Ocean Extra < 2.2.7 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘twitterusername’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
WordPress Geo Controller < 8.6.5 - PHP Object Injection
Description The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC...
WP Photo Album Plus < 8.6.03.005 - Authenticated (Subscriber+) Arbitrary File Upload
Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wppauserupload function in all versions up to, and including, 8.6.03.004. This makes it possible for authenticated attackers, with subscriber-level access an...
Premium Addons for Elementor < 4.10.25 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings
Description The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as...
Tumult Hype Animations < 1.9.12 - Cross-Site Request Forgery to Cross-Site Scripting
Description The Tumult Hype Animations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.11. This is due to missing or incorrect nonce validation on the hypeanimationsupdatecontainer function. This makes it possible for unauthenticated...
Essential Blocks for Gutenberg < 4.4.10 - Missing Authorization
Description The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with contributor-level access and above, to perform unauthorized...
LearnPress < 4.2.6.4 - Insecure Direct Object Reference
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated...
Fluent CRM < 2.8.45 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.44 due to insufficient input sanitization and output escaping. Thi...
Booking Activities < 1.15.20 - Reflected Cross-Site Scripting
Description The Booking Activities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...