14603 matches found
PageLayer < 1.7.9 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Solid Security Basic < 9.0.1 - Unauthenticated Login Page Disclosure
Description The plugin is vulnerable to protection mechanism bypass due to disclosing the login path when comments are enabled and registration is required. This makes it possible for unauthenticated attackers to discover the login page path and bypass the intended functionality of the security...
Mail logging - WP Mail Catcher < 2.1.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update
Description The plugin does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset PoC Run the below command in the developer console of the web browser whil...
Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection
Description The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup...
Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir
Description The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on...
WappPress < 6.0.0 - Unauthenticated Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...
LadiApp <= 4.4 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of the unprotected...
NextScripts < 4.4.3 - Reflected Cross-Site Scripting via code
Description The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘code’ parameter in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
Antispam Bee < 2.11.4 - IP Address Spoofing via get_client_ip
Description The Antispam Bee plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.11.3 due to use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass country blocking...
Ocean Extra < 2.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation
Description The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.2. This is due to missing or incorrect nonce validation on the ajaxrequiredpluginsactivate function. This makes it possible for unauthenticated attackers to...
Campaign Monitor for WordPress < 2.8.14 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
ChatBot < 4.7.9 - Authenticated (Administrator+) SQL Injection
Description The AI ChatBot plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in all versions up to, and including, 4.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the plugin settings ex:...
wpDiscuz < 7.6.6 - Unauthenticated SQL Injection
Description The wpDiscuz plugin for WordPress is vulnerable to SQL Injection via the 'visibleCommentIds' parameter in versions up to, and including, 7.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
wpDiscuz < 7.6.12 - Cross-Site Request Forgery
Description The wpDiscuz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.6.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to dismiss admin notices via a...
WPvivid Backup Plugin < 0.9.91 - Missing Authorization via 'start_staging' and 'get_staging_progress'
Description The WPvivid Backup Plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startstaging' and 'getstagingprogress' functions in versions up to, and including, 0.9.90. This makes it possible for authenticated...
Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery
Description The WCP OpenWeather plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...
UserPro < 5.1.1 - Cross-Site Request Forgery to PHP Object Injection
Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object...
Inactive Logout < 3.2.3 - Missing Authorization
Description The Inactive Logout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the inaresetadvsettings function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber-level access a...
LuckyWP Scripts Control <= 1.2.1 - Missing Authorization
Description The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...
Themify Ultra < 7.3.6 - Authenticated (Subscriber+) Arbitrary File Upload
Description The themify-ultra theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in during a file upload in all versions up to, and including, 7.3.3. This makes it possible for authenticated attackers with subscriber access or higher to upload arbitrar...
Podlove Web Player <= 5.7.3 - Missing Authorization
Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
10Web Map Builder for Google Maps < 1.0.74 - Missing Authorization to Notice Dismissal
Description The 10Web Map Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gmwdbpinstallnoticestatus function in versions up to, and including, 1.0.73. This makes it possible for authenticated attackers, with subscriber-level...
DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints
Description The DoLogin Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple REST functions in versions up to, and including, 3.7.1. This makes it possible for unauthenticated attackers to send test SMS messages to arbitrar...
Neon text < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontextbox shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes color. This makes it possible for...
FV Flowplayer Video Player < 7.5.39.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fvplayeruservideo’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up t...
WooCommerce Bookings < 2.0.4 - Cross-Site Request Forgery
Description The WooCommerce Bookings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function...
Custom Header Images <= 1.2.1 - Cross-Site Request Forgery
Description The Custom Header Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknow...
Elementor Addon Elements < 1.12.8 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Advanced Page Visit Counter < 8.0.1 - Contributor+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by Contributor and above users...
Welcart e-Commerce < 2.9.5 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below:...
Kadence WooCommerce Email Designer < 1.5.12 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Bookly < 22.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an admin user, visit the...
Simple Shortcodes <= 1.0.20 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not sufficiently sanitize input or escape output on user-supplied attributes, resulting in a potential for Stored Cross-Site Scripting via shortcodes. This flaw makes it possible for users with contributor-level permissions or higher to inject arbitrary web scripts int...
WP Full Stripe Free <= 1.6.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Add Custom Body Class <= 1.4.1 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly escape the addcustombodyclass parameter before outputting it to the page, allowing users with the role of contributor of higher to inject arbitrary web scripts potentially targeting higher privileged users...
Scroll post excerpt <= 8.0 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Photospace Responsive < 2.1.2 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Website Builder by SeedProd < 6.15.15.3 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Hitsteps Web Analytics < 5.87 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Hotjar < 1.0.16 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
AGP Font Awesome Collection <= 3.2.4 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
MailChimp Forms by MailMunch < 3.1.5 - Arbitrary Actions via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Eupago Gateway For Woocommerce < 3.1.10 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
User Registration < 3.0.4.2 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Install and activate this...
WP 6.3-6.3.1 - Contributor+ Stored XSS via Footnotes Block
Description WordPress does not escape some of its Footnotes block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
AWP Classifieds < 4.3.1 - Categories Mgt via CSRF
Description The plugin does not have CSRF checks when managing categories such as deleting, updating etc, which could allow attackers to make logged in admins perform such actions via CSRF attacks...