14603 matches found
AppPresser < 4.3.1 - Missing Authorization
Description The AppPresser plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggleloggingcallback function in versions up to, and including, 4.3.0. This makes it possible for unauthenticated attackers to enable and disable logging...
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.31 - Open Redirect
Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirectto...
Qi Addons For Elementor < 1.7.1 - Contributor+ Stored XSS
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to...
Essential Addons for Elementor < 5.9.16 - Contributor+ Stored Cross-Site Scripting
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive Circle widgets in all versions up to, and including, 5.9.15 due to...
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager Q2W3 Inc Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress < 2.0.74 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
Description The Radio Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.73. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive...
Premium Addons for Elementor < 4.10.29 - Contributor+ Stored Cross-Site Scripting
Description The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
ShopLentor < 2.8.2 - Contributor+ Template Reset
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function. This makes it possible for authenticated attackers, with contributor access and above to access the nonce used to access this function and set a...
EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting
Description The EZ Form Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.14.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
MultiParcels Shipping For WooCommerce < 1.16.9 - Cross-Site Request Forgery
Description The MultiParcels Shipping For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.16.9 exclusive. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perfo...
Paid Memberships Pro < 3.0.2 - Cross-Site Request Forgery
Description The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmproupdatelevelgrouporder...
Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Easy Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) < 3.1.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Description The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers t...
WP Meta SEO < 4.5.13 - Unauthenticated Stored Cross-Site Scripting via Referer header
Description The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
MihanPanel < 12.7 - Cross-Site Request Forgery
Description The MihanPanel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 12.7. This is due to missing or incorrect nonce validation on the delete and deleteall cases. This makes it possible for unauthenticated attackers to delete IP addresses from the blocked...
WP Login and Logout Redirect < 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The WP Login and Logout Redirect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Advanced Order Export For WooCommerce < 3.4.5 - Shop Manager+ Remote Code Execution
Description The plugin is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.4. This makes it possible for authenticated attackers, with shop manager-level access and above, to execute code on the server...
EmbedPress < 3.9.9 - Missing Authorization via handle_calendly_data
Description The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handlecalendlydata function in versions up to, and including, 3.9.8. This makes it possible for unauthenticated attackers to update calendly settings...
User Activity Log < 2.0 - Admin+ SQL Injection
Description The plugin is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL...
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions
Description The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for...
Element Pack Elementor Addons < 5.5.4 - Contributor+ Stored XSS via Trailer Box Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.8.5 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget
Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input...
MM-email2image <= 0.2.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add the following payload to...
ProfileGrid < 5.7.9 - Unauthenticated SQL Injection
Description The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
WP Travel Engine < 5.8.0 - Unauthenticated SQL Injection
Description The WP Travel Engine plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Reflected Cross-Site Scripting
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WP Express Checkout (Accept PayPal Payments) < 2.3.8 - Unauthenticated Price Manipulation
Description The WP Express Checkout Accept PayPal Payments plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 2.3.7. This is due to insufficient validation on the pricing data being passed to the server. This makes it possible for unauthenticated...
Custom post types, Custom Fields & more < 5.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post me...
10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection
Description The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Chaty New Widget" 2...
Hash Elements < 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
Better Comments < 1.5.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. From the WordPress menu on the...
RoyalSlider < 3.4.3 - Reflected Cross-Site Scripting
Description The RoyalSlider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Off-Canvas Sidebars & Menus (Slidebars) < 0.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Off-Canvas Sidebars & Menus Slidebars plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Molongui < 4.7.8 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrar...
Stratum < 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Stratum plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Easy Social Share Buttons < 9.5 - Reflected Cross-Site Scripting
Description The easy-social-share-buttons3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Otter Blocks < 2.6.6 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Better Elementor Addons < 1.4.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the widget link URL values due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...
Media Library Assistant < 3.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode
Description The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Elementor Addon Elements < 1.13.2 - Contributor+ Stored XSS
Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to...
VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access
Description The plugin is vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password protected content...
Networker - Tech News WordPress Theme with Dark Mode < 1.1.10 - Missing Authorization
Description The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated...
Better Search < 3.3.1 - Unauthenticated Stored Cross-Site Scripting
Description The Better Search – Relevant search results for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WP Fusion Lite < 3.42.10 - Authenticated (Contributor+) Remote Code Execution
Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.41.24. This makes it possible for authenticated attackers, with contributor-level access and above, to execut...
Survey Maker < 4.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Popup Maker – Popup for opt-ins, lead gen, & more < 1.18.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Email Subscription Popup < 1.2.21 - Unauthenticated Stored Cross-Site Scripting
Description The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '$email' parameter in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
ElementsKit Elementor addons < 3.0.4 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Essential Addons for Elementor < 5.9.10 - Contributor+ Stored Cross-Site Scripting via Event Calendar
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...