14603 matches found
User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent
Description The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. PoC 1 Make sure the plugin's Enable User Agent For Log setting is set at /wp-admin/admin.php?page=ualpsettings 2 If...
Exifography <= 1.3.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Booster for WooCommerce < 7.1.1 - Subscriber+ Sensitive Information Disclosure
Description The plugin is vulnerable to Information Disclosure via the 'wcjwpoption' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level...
Activity Log < 2.8.8 - IP Spoofing
Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. PoC Run the following code in the web browser and note on the backend that the IP address has been fake...
Multiple Plugins from ServMask - Unauthenticated Access Token Update
Description The plugins do not have authorisation in the init function hooked to the admininit action, allowing unauthenticated attackers to update the access token PoC With the All-in-One WP Migration Box Extension installed, open the below URL as unauthenticated:...
Slimstat Analytics < 5.0.10 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation
Description The plugin does not validate parameters supplied to the updatecoreuser function, which could allow users to register an account with any role such as administrator when registering via the registration form of the plugin ie the charitableregistration shortcode embed in a page/post...
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. PoC 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...
Herd Effects < 5.2.4 - Effect Deletion via CSRF
Description The plugin does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=mwp-herd-effect=delete=1, this will make them delete the...
ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification
Description The plugin does not adequately check capabilities on the 'editgroup' handler, enabling authenticated users with group ownership to improperly update group options, including the 'associaterole' parameter, which sets the member's role...
ProfileGrid < 5.5.2 - Subscriber+ Unauthorized Data Modification
Description The plugin does not perform proper capability checks on the 'pmuploadcsv' function, enabling authenticated users with subscriber-level permissions or above to import new users and update existing ones...
WP Shopping Pages <= 1.14 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. PoC Make a logged in admin access a page with the following code:...
OOPSpam Anti-Spam < 1.1.45 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, leading to a potential Cross-Site Request Forgery vulnerability...
Contact Form by WD <= 1.13.23 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. When editing a form, go to "Settings MySQL Mapping". 2. Click "Add a Query" 3. When mapping the form to the...
MasterStudy LMS < 3.0.9 - Subscriber+ Course Category Creation
The plugin does not have authorisation when creating category courses, allowing any authenticated users, such as subscriber to create arbitrary course category...
YaySMTP < 2.4.6 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sufficiently sanitize and escape input from email contents, leading to the possibility of arbitrary web scripts injection in pages...
Metform Elementor Contact Form Builder < 3.3.2 - Multiple Subscriber+ Sensitive Information Disclosure Issues
The plugin does not prevent less privileged users, like subscribers, from accessing various sensitive information via the plugin's shortcodes. This includes payment statuses, transaction IDs, submitter's name information, and virtually all fields of any form submissions...
Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation
The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request. PoC POST...
Nested Pages < 3.2.4 - Editor+ Plugin Settings Reset
The plugin does not properly authorize the npresetSettings ajax action, allowing users with an editor role or above to reset the plugin settings...
WooCommerce Warranty Requests < 2.1.7 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below v = 2.1.6...
Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. Send a GET request with...
EventPrime < 3.0.0 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
UpdraftPlus < 1.23.4 - CSRF
The plugin does not have CSRF check in the actionauthenticatestorage, which could allow attackers to make logged in admins inject JavaScript into a parameter in the authentication process via a CSRF attack when they can trick an admin to perform multiple actions including re-authenticating a...
Jazz Popups <= 1.8.7 - Unauthenticated Reflected Cross-Site Scripting
The plugin does not properly sanitize user input, leading to a potential Reflected Cross-Site Scripting XSS vulnerability...
Scripts n Styles < 3.5.8 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Baidu Tongji generator <= 1.0.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
OTP Login Woocommerce & Gravity Forms < 2.3 - Unauthenticated Privilege Escalation
The plugin returns generated OTP codes for users to use when using the logging in via phone number feature, allowing unauthenticated users to retrieve them for arbitrary accounts and be able to login as any user, including administrator granted they know the related phone number...
CRM Memberships <= 1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Verified Reviews < 2.3.15 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Uji Popup <= 1.4.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the "Enter the URL: field, add the XSS...
WCFM Membership < 2.10.1 - Unauthenticated Privilege Escalation
The plugin does not have authorisation in the wcfmajaxcontroller AJAX action, allowing unauthenticated attackers to change membership registration form and set the default role to administrator...
Really Simple Google Tag Manager < 1.0.7 - Arbitrary Plugin Activation via CSRF
The plugin does not have CSRF checks when activating plugins, which could allow attackers to make logged in users perform such action via a CSRF attack...
JustTables – WooCommerce Product Table < 1.5.0 - Cross-Site Request Forgery
The plugin does not adequately protect against CSRF attacks, leading to potential unauthorized actions...
Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
The plugin does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must also be installed for this vulnerability to b...
Product Feed PRO for WooCommerce < 12.4.5 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as update the plugin's settings as well as update projects via CSRF attacks...
All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS
The plugin does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. PoC Just create a...
WP Simple Shopping Cart 4.6.3 - Unauthenticated PII Disclosure
The plugin saves exported shopping cart data in a publicly accessible directory, allowing unauthenticated users to retrieve PII such as full names, email/IP address etc...
GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion
The plugin does not correctly authorize some actions, allowing low-privileged users to delete content from the site which they should not be permitted to delete...
OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF
The plugin does not have CSRF checks when discarding Identify providers IdP, which could allow attackers to make logged in admins delete all IdP via a CSRF attack PoC Make a logged in admin open: https://example.com/wp-admin/admin.php?page=mooauthsettings=config=discard...
Read More Excerpt Link <= 1.6 - Settings Update via CSRF
The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Organization chart < 1.4.5 - Multiple CSRF
The plugin does not have CSRF checks in some places, for example when updating/deleting/duplicating popups, tree and themes from the plugin, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
ChatBot < 4.3.0 - Settings Reset via CSRF
The plugin does not have CSRF check when resetting its settings, which could allow attackers to make logged in admin perform such action via a CSRF attack...
Top 10 < 3.2.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Minify HTML <= 2.1.7 - Settings Update via CSRF
The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Portfolio - WordPress Portfolio < 2.8.11 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
i2 Pros & Cons <= 1.3.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC i2prosandcons showbutton='true'...
ImageMagick Engine < 1.7.6 - PHAR Deserialization via CSRF
The plugin does not validate the clipath parameter and does not have CSRF check, which could allow attackers to make a logged in admin call a file with a PHAR wrapper via a CSRF attack. This could lead to PHAR deserialization when a suitable gadget chain is present on the blog and the attacker...
IP Vault - WP Firewall <= 1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Robo Gallery < 3.2.11 - Plugin Activation/Deactivation via CSRF
The plugin does not have CSRF checks when activating and deactivating plugins, which could allow attackers to make logged in users perform such actions via CSRF attacks...