14603 matches found
Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting
The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...
GiveWP < 2.21.0 - Manager+ Arbitrary File Access via Export
The plugin does not validate the file to be exported, which could allow manager to read arbitrary file on the web server...
GiveWP < 2.21.3 - DoS via CSRF
The plugin does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to...
Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting
The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers PoC https://example.com/wp-admin/options-general.php?page=cf7sredit&"...
Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Go to Settings - Loading Page, in the "Display loading screen in" settings, select either "specific pages" or...
Download Manager < 3.2.48 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the 'Insert URL' field, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Note: The attempted fix made in 3.2.46 and 3.2.47 were found to be insufficient PoC As a contributor, create/edit a download an...
Free Live Chat Support <= 1.0.12 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when updating its settings and is lacking escaping as well as sanitisation in some of them, which could allow attackers to make a logged in admin change them and put XSS payloads in them via a CSRF attack...
Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "Breadcrumb css class name" settings of the plugin: "...
CDI < 5.1.9 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting PoC...
Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting. PoC Install and active the...
Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting
The plugin does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfilteredhtml is disallowed for example in multisite setup PoC Put the following payload in the "Google Analytics" settings of the plugin in the General...
Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS
The plugin does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a new Grid/Caroussel, in the General Settings, enable "Display Header Title" and put the...
Private Files <= 0.40 - Protection Disabling via CSRF
The plugin is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public PoC That will also delete the .htaccess...
Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...
Donations <= 1.8 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
Amazon Link <= 3.2.10 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC Put the following payload in settings such as the "AWS Public Key": "...
CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi
The plugin does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack PoC On a page where the codepeople-image-store is embed, append the...
Breeze < 2.0.3 - Subscriber+ Arbitrary Settings Update to Stored XSS
The plugin is lacking authorisation, CSRF and sanitisation in its AJAX actions available to any authenticated users, which could allow any logged in user to change the plugin's settings and perform XSS attacks...
Ultimate Member < 2.3.2 - Open Redirect
The plugin is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims...
Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections PoC curl https://example.com/wp-admin/admin-ajax.php \ --data...
MicroPayments < 1.9.6 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF in place when updating its settings, which could allow attacker to make a logged in admin perform such action via a CSRF attack...
Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/options-general.php?page=admin-menu-restriction="...
SiteSuperCharger < 5.2.0 - Unauthenticated SQLi
The plugin does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections PoC curl https://example.com/wp-admin/admin-ajax.php --data...
Fast Flow < 1.2.11 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting PoC...
eRoom < 1.3.9 - Cache Deletion via CSRF
The plugin does not have CSRF check in place when deleting cache, which could allow attackers to make logged in users delete cache via a CSRF attack...
Opensea < 1.0.3 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF
The plugin lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the...
Advanced Booking Calendar < 1.7.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue PoC...
Title Experiments Free < 9.0.1 - Unauthenticated SQLi
The plugin does not sanitise and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=wpextitles=1 AND SELECT...
WP Voting Contest <= 2.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the postid parameter before outputting it back in the response via the wpvcsocialshareicons AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue PoC...
Powerkit < 2.5.9 - Post Views Settings Update/Reset via CSRF
The plugin does not have CSRF checks when saving or reseting its post views settings, which could allow an attacker to make a logged in admin change or reset them via a CSRF attack PoC...
Yet Another Stars Rating < 3.0.0 - Reflected Cross-Site Scripting
The plugin does not sanitise the source parameter before outputting it back in the response via the yasrloadrankings AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting
The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using the shortcode, as well as the Text...
WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/?wahi=JzthbGVydCgxKTsvLw==...
Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. PoC Put the following payload as an Admin Note Shield Security Tools Admin Notes:...
Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting
The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/index.php?p=%3Cimg%20src%20onerror=alert/XSS/%3Eurl=1...
Download Monitor < 4.4.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting issues...
Random Banner < 4.1.6 - Admin+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. This affects...
Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC On the Learning Management page /wp-admin/admin.php?page=cluevo-lms, click Add Course, then put the...
Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
The plugin does not escape the discountcode in one of its REST route available to unauthenticated users before using it in a SQL statement, leading to a SQL injection PoC https://example.com/?restroute=/pmpro/v1/checkoutlevelid=3code=%27%20%20union%20select%20sleep1%20--%20g...
IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...
NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF
The plugin does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=nxssnap-reposter=1=delete...
Code Snippets < 2.14.3 - Reflected Cross-Site Scripting
The plugin does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue PoC...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
The plugin does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any...
Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape the site-reviews parameter of the glsraction AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin PoC...
WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting
The plugin does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard PoC...
Login/Signup Popup < 2.2 - Reflected Cross-Site Scripting
The plugin does not escape its tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=xoo-el-fields="...
StopBadBots < 6.67 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection PoC GET / HTTP/1.1 User-Agent: Zongbot' where id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'-- - Accept:...
Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue PoC...