14603 matches found
GRAND Flash Album Gallery 0.55 - admin/news.php want2Read Parameter Traversal Arbitrary File Access
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by an admin/news.php want2Read Parameter Traversal Arbitrary File Access security vulnerability...
WP Symposium <= 11.11.26 - Cross-Site Scripting (XSS)
The wp-symposium WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WP Symposium <= 11.11.26 - Remote File Upload Code Execution
The wp-symposium WordPress plugin was affected by a Remote File Upload Code Execution security vulnerability...
Age Verification <= 0.4 - Open Redirect
The age-verification WordPress plugin was affected by an Open Redirect security vulnerability...
Buddypress <= 1.9.1 - Stored Cross-Site Scripting (XSS)
The BuddyPress WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...
WordPress <= 3.0.5 wp-admin/press-this.php Privilege Escalation
...
Contextual Related Posts < 1.8.10.2 - Multiple Parameter SQL Injection
The Contextual Related Posts WordPress plugin was affected by a contextual-related-posts.php Multiple Parameter SQL Injection security vulnerability...
Newsletter Manager < 1.0.2 - Authenticated Reflected Cross Site Scripting
The Newsletter Manager WordPress plugin was affected by a Cross Site Scripting security vulnerability...
adminimize 1.7.21 - 'page' Parameter Cross Site Scripting
The Adminimize WordPress plugin was affected by a 'page' Parameter Cross Site Scripting security vulnerability...
WordPress 2.9 - Failure to Restrict URL Access
Description When WordPress implemented the new Trash feature they failed to change the permissions granted when the post is in the trash. This means that an unauthenticated user cannot see the post, however an authenticated user can, no matter what privileges they have, even ‘subscriber’. See...
Oleggo Livestream <= 0.2.6 - XSS
Plugin is still affected and has been closed...
Prostore < 1.1.3 - Open Redirection
The prostore WordPress theme was affected by an Open Redirection security vulnerability. PoC /wp-content/themes/prostore/go.php?https://example.com...
TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF
The TinyMCE Color Picker WordPress plugin was affected by a tinymce-colorpicker.php Color Saving CSRF security vulnerability...
FormCraft - form.php id Parameter SQL Injection
The formcraft WordPress plugin was affected by a form.php id Parameter SQL Injection security vulnerability...
Count Per Day <= 3.2.5 - daytoshow Parameter XSS
The Count per Day WordPress plugin was affected by a daytoshow Parameter XSS security vulnerability...
Another WordPress Classifieds <= 1.8.9.4 - Unspecified Image Upload
The WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds WordPress plugin was affected by an Unspecified Image Upload security vulnerability...
WP Recaptcha < 3.0 - Multiple CSRF
The wp-recaptcha WordPress plugin was affected by a Multiple CSRF security vulnerability...
WordPress <= 1.5.1.2 - Email Spoofing
...
Avada Theme < 7.11.14 - Unauthenticated Arbitrary Shortcode Execution
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before...
012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Easy WP SMTP by SendLayer < 2.3.1 - Exposure of Sensitive Information via the UI
Description The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This make...
Newsletters < 4.9.6 - Reflected Cross-Site Scripting
Description The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
WP Docs < 2.1.4 - Reflected Cross-Site Scripting
Description The WP Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
Pure Chat – Live Chat Plugin & More! < 2.23 - Cross-Site Request Forgery
Description The Pure Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.22. This is due to missing or incorrect nonce validation on the purechatupdate function. This makes it possible for unauthenticated attackers to update chat details v...
tagDiv Composer < 4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode
Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
wpDataTables - Tables & Table Charts (Premium) < 6.4 - Missing Authorization to DataTable Access & Modification
Description The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdtajaxactions.php file in all versions up to, and including, 6.3.2. This makes it...
Tainacan < 0.21.4 - Unauthenticated Stored Cross-Site Scripting
Description The Tainacan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.21.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that wi...
Hash Elements < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter in Multiple Widgets
Description The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure via the 'nxsgetExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets...
Popup Maker WP <= 1.2.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Popup Maker WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to injec...
weMail < 1.14.3 - Missing Authorization to Notice Dismissal
Description The weMail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the connectnotice function in versions up to, and including, 1.14.2. This makes it possible for unauthenticated attackers to dismiss notices...
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
Xserver Migrator < 1.6.2.1 - Arbitrary File Upload via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to upload arbitrary files granted they can trick a site administrator into performing an action such as...
GWP-Histats <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The GWP-Histats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Contact Form to Any API < 1.1.9 - Authenticated (Subscriber+) SQL Injection
Description The Contact Form to Any API plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...
Perfect Pullquotes <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Perfect Pullquotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) < 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget
Description The Magical Addons For Elementor Header Footer Builder, Free Elementor Widgets, Elementor Templates Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input...
Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks PoC Make a logged in admin open an HTML document containing where is a valid ID:...
YITH WooCommerce Compare < 2.38.0 - Cross-Site Request Forgery
Description The YITH WooCommerce Compare is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to add/remove things from a product compare via a forged request granted they can...
Leaky Paywall < 4.20.9 - Missing Authorization to Price Manipulation
Description The Leaky Paywall plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 4.20.8. This is due to the plugin allowing the price field to be user supplied. This makes it possible for unauthenticated attackers to alter the price of memberships...
ElementsKit Elementor addons 3.0.7 - 3.1.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Flattr <= 1.2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Flattr" settings 2. In...
XStore Core <= 5.3.5 - Missing Authorization
Description The XStore Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized...
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) SQL Injection
Description The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 14.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Recencio Book Reviews <= 1.66.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Recencio Book Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.66.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
Smart Forms < 2.6.92 - Missing Authorization to Notice Dismissal
Description The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednaosmartformsdontshowagain function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level...
VikRentCar Car Rental Management System < 1.3.3 - Information Exposure
Description The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.2 due to publicly accessible PDF files. This makes it possible for unauthenticated attackers to extract potentially sensitive...
Frontend Dashboard < 2.2.4 -
Description The Frontend Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive data...
Max Addons Pro for Bricks < 1.6.2 - Reflected Cross-Site Scripting
Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...