14603 matches found
Paytium < 3.1.2 - Stored Cross-Site Scripting (XSS)
Both authenticated and unauthenticated stored XSS issues via fields in the payment details...
Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation
"The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users" providing subscriber-level users and above with the ability to escalate their privileges. PoC POST /wp-admin/admin-ajax.php?importpage=wordpresshfusercsv=3...
Pricing Table by Supsystic < 1.8.2 - Insecure Permissions on AJAX Actions
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or...
Elementor Page Builder < 2.8.4 - Cross-Site Scripting (XSS)
Elementor Page Builder before 2.8.4 does not sanitise data when creating a new template, which could lead to Cross-Site Scripting issues...
Marketo Forms and Tracking <= 1.0.2 - CSRF to XSS
Lack of CSRF checks and sanitisation on the plugin's settings page could allow XSS attacks via CSRF. PoC...
301 Redirects - Easy Redirect Manager <= 2.40 - Authenticated Arbitrary Redirect Injection and Modification, XSS, and CSRF
The weaknesses allow for any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability, in addition to XSS and CSRF. PoC...
Events Manager < 5.9.6 - Authenticated Stored Cross-Site Scripting (XSS)
The Events Manager WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...
Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored XSS
NinTechNet discovered a multiple security issues within the Download Plugins and Themes from Dashboard WordPress plugin. The plugin's setting update request did not check for authorisation, allowing an unauthenticated user to inject malicious JavaScript, which would be stored in the backend...
Easy Property Listings < 3.4 - Cross-Site Scripting (XSS)
Changelog for 3.4 mentions: - MAJOR Security Update Release. Important to update to the latest version to protect your website. Easy Property Listings has been reviewed and approved by the WordPress plugin team. - This is a critical update to Easy Property Listings plugin that is focused on...
Login Or Logout Menu Item <= 1.1.1 - Unauthenticated Options Change
The Login or Logout Menu Item WordPress plugin was affected by an Unauthenticated Options Change security vulnerability...
Advanced Contact form 7 DB <= 1.6.1 - SQL Injection
The Advanced Contact form 7 DB WordPress plugin was affected by a SQL Injection security vulnerability...
WPS Hide Login <= 1.5.2.2 - Multiples Issues
Protection Bypasses...
Everest Forms <= 1.4.9 - SQL Injection
The Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms WordPress plugin was affected by a SQL Injection security vulnerability...
WP Code Highlight.js < 0.6.3 - CSRF to Stored XSS
Lack of CSRF checks could allow attackers to make a logged in admin create XSS payloads. PoC...
Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution
The Ad Inserter – Ad Manager & AdSense Ads WordPress plugin was affected by an Authenticated Remote Code Execution security vulnerability. PoC The nonce aicheck in the final request can be obtained by querying the homepage with the AIWPDEBUGGING cookie set to 2. Then, use an account with a role a...
Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)
It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface. PoC POST /booking-form/ HTTP/1.1 Host: test.local User-Agent: Mozilla/5.0 Macintosh; Intel Mac ...
Rencontre – Dating Site <= 3.1.2 - SQLi & XSS
SQL injection & XSS vulnerability in Rencontre – Dating Site Plugin For WordPress...
CP Contact Form with Paypal <= 1.3.01 - Multiple XSS
The CP Contact Form with PayPal WordPress plugin was affected by a Multiple XSS security vulnerability. PoC Version =1 fixed in 1.2.98...
Easy Pdf Restaurant Menu Upload < 1.2 - XSS
The Easy PDF Restaurant Menu Upload WordPress plugin was affected by a XSS security vulnerability...
Easy Digital Downloads <= 2.9.15 - Stored XSS
Stored XSS Cross Site Scripting via the IP addresses in logs...
Zoho SalesIQ <= 1.0.8 - XSS & CSRF
The Zoho SalesIQ WordPress plugin was affected by a XSS & CSRF security vulnerability...
SAML SP Single Sign On <= 4.8.72 - Cross-Site Scripting (XSS)
The SAML Single Sign On – SSO Login WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection
Changelog states: "Security - fix for SQL injection vulnerability in email subscription"...
W3 Total Cache < 0.9.7.3 - Cryptographic Signature Bypass
The return value of opensslverify is not properly validated, which allows to bypass the cryptographic check...
Ninja Forms File Uploads Extension <= 3.0.22 - Unauthenticated Arbitrary File Upload
The ninja-forms-uploads WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability...
The Events Calendar < 4.8.2 - XSS
The The Events Calendar WordPress plugin was affected by a XSS security vulnerability...
WordPress <= 5.0 - Authenticated Post Type Bypass
Description According to WordPress: "Simon Scannell of RIPS Technologies discovered that authors could create posts of unauthorized post types with specially crafted input."...
Advanced Custom Fields <= 5.7.7 - Authenticated Cross-Site Scripting (XSS)
According to the vendor: "This release contains a fix to a recently reported XSS vunerability sic. This report showed it was possible for a logged in author to save unfiltered HTML within a custom field value. This is something that should not be possible without the unfilteredhtml capability."...
Slideshow Gallery <= 1.6.8 - XSS and SQLi
The Slideshow Gallery WordPress plugin was affected by a XSS and SQLi security vulnerability...
Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities
Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file. By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it. PoC Diretory Trasversal: POST /wordpress/wp-admin/admin-ajax.php...
wpForo < 1.5.2 - Privilege Escalation
The wpForo Forum WordPress plugin was affected by a Privilege Escalation security vulnerability...
WooCommerce <= 3.4.4 - Potential Object Injection
According to WooCommerce: "Versions 3.4.4 and earlier are affected by an issue where a function that updates attributes could lead to object injection. This is related to the WordPress 4.8.3 security release. This issue can only be exploited by users who can edit attributes and should not be...
WP Live Chat Support < 8.0.08 - Cross-Site Scripting (XSS)
The 3CX Live Chat WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Caldera Forms <= 1.5.9.1 - Multiple Cross-Site Scripting (XSS)
The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...
Duplicator <= 1.2.32 - Cross-Site Scripting (XSS)
The Duplicator – WordPress Migration Plugin WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
NextGEN Gallery <= 2.2.46 - Galley Paths Not Secured
The changelog states: "Secured: Gallery paths and the ability to manage tags Kudos: ElevenPaths Telefonica cibersecurity Unit"...
GD Rating System 2.3 - Multiple Vulnerabilities
The GD Rating System WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
Football Pool < 2.6.5 - Multiple XSS
The Football Pool WordPress plugin was affected by a Multiple XSS security vulnerability...
Contact Form for WordPress – Ultimate Form Builder Lite <= 1.3.6 - SQL Injection
The Contact Form for WordPress – Ultimate Form Builder Lite WordPress plugin was affected by a SQL Injection security vulnerability...
Content Timeline <= 4.4.2 - Multiple Blind SQL Injection
Multiple Blind SQL injections in the premium 'Content Timeline' Plugin. One unauthenticated and two authenticated injections. Contacted the author twice without any response. History: 09-16-2017 Contacted the author 09-16-2017 Requested CVE-ID 09-18-2017 CVE-ID Received 09-18-2017 Contacted the...
WordPress 4.4-4.8.1 - Path Traversal in Customizer
Description A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team...
Responsive Image Gallery, Gallery Album <= 1.2.0 - Authenticated SQL Injection
The Responsive Image Gallery, Gallery Album WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
WP Live Chat Support < 7.1.05 - Cross-Site Scripting (XSS)
WP Live Chat Support is vulnerable by sending XSS payloads through chat. PoC...
FormCraft - Premium WordPress Form Builder <= v3.2.31 - Authenticated Stored XSS
WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent Cross-Site Scripting XSS vulnerability. PoC Authenticated Stored XSS: New Form Heading Heading Text input field is vulnerable. The payload will execute when the form is displayed...
Shortcodes Ultimate <= 4.9.9 - Authenticated Directory Traversal
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin was affected by an Authenticated Directory Traversal security vulnerability...
WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
...
Simple Job Board <= 2.4.3 - Reflected XSS
The Simple Job Board WordPress plugin was affected by a Reflected XSS security vulnerability...
Calendar by WD <= 1.5.51 - Authenticated Blind SQL Injection
The SpiderCalendar WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
Twitter Cards Meta <= 2.4.5 - CSRF and XSS
The Twitter Cards Meta – Best Twitter Card Plugin for WordPress WordPress plugin was affected by a CSRF and XSS security vulnerability...
Webapp builder 2.0 - Unauthenticated File Upload
Plugin is still affected and has been closed...