14602 matches found
CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection
Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. Thi...
WP Time Slots Booking Form < 1.2.11 - Unauthenticated Stored Cross-Site Scripting
Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
ElasticPress < 5.1.2 - Data Sync via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...
Pagerank Tools <= 1.1.5 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/wp-admin/tools.php?page=pagepageranks="...
Frontend Checklist <= 2.3.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to frontend-checklist admin...
GP Premium < 2.4.1 - Reflected Cross-Site Scripting
Description The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
SEOPress < 7.8 - Contributor+ Open Redirect
Description The plugin does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post PoC As a contributor, create a new Post, at the bottom of the page put the following payload in the...
Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access
Description The plugin allows you to display custom field values for any post via shortcode without checking for the correct access PoC 1. ADMIN: Install Advanced Custom Fields or ACF Pro 2. ADMIN: Create a new field group for posts and add a field to that 3. ADMIN: Fill in content for posts...
Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Testimonial Block
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial and Image Gallery blocks due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and...
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. PoC curl --url...
WP Fastest Cache < 1.2.7 - Admin+ Arbitrary File Deletion
Description The plugin for WordPress is vulnerable to Directory Traversal via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting...
ElementsKit Pro < 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
ShopLentor < 2.8.8 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Contact Form Widget < 1.4.0 - Sensitive Information Exposure
Description The Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to extract sensitive user or...
Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload
Description The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code...
Clearfy Cache <= 2.2.1 - Cross-Site Request Forgery
Description The Clearfy Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...
weDocs < 2.1.5 - Missing Authorization
Description The weDocs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatehelpfullness REST API endpoint in versions up to, and including, 2.1.4. This makes it possible for unauthenticated attackers to update settings...
The Events Calendar < 6.4.0.1 - Reflected XSS
Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. PoC...
GiveWP – Donation Plugin and Fundraising Platform < 3.5.0 - Authenticated (GiveWP Manager+) PHP Object Injection
Description The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with give manager-level access and above, to inject a PHP Object. No known POP...
Share This Image < 1.99 - Open Redirect
Description The plugin is vulnerable to Open Redirect due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...
JW Player for WordPress <= 2.3.3 - Missing Authorization
Description The JW Player for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Mesmerize Companion < 1.6.149 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode
Description The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerizecontactform' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
WP Post Author < 3.6.5 - Subscriber+ Rating Manipulation
Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function, allowing authenticated attackers, with subscriber-level access and above, to manipulate ratings...
Archives Calendar Widget <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Archives Calendar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
Rank Math SEO with AI Best SEO Tools < 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder < 2.5.4 - Contrib+ DOM-Based Cross-Site Scripting
Description The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typingcursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it...
CAS <= 1.0.0 - Unauthenticated Arbitrary File Access
Description This plugin does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server PoC https://example.com/wp-content/themes/cas/download.php?path=...
Frontend Dashboard < 2.2.4 -
Description The Frontend Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive data...
Slider Revolution < 6.7.8 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter
Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...
List Custom Taxonomy Widget < 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The List Custom Taxonomy Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress < 3.1.4 - Cross-Site Request Forgery
Description The WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing or incorrect nonce validation on several functions. This...
Page Builder: Live Composer < 1.5.39 - Missing Authorization
Description The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslcajaxaddmodule function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level...
VK Block Patterns < 1.31.1.1 - Missing Authorization
Description The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbpclearpatternscache function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns...
Headline Analyzer < 1.3.4 - Cross-Site Request Forgery
Description The Headline Analyzer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on several REST API endpoints. This makes it possible for unauthenticated attackers to perform sever...
WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP TradingView plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting
Description The WP-Cufon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting
Description The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Automatic Plugin < 3.93.0 Cross-Site Request Forgery
Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization
Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...
Popup Anything < 2.8.1 - Missing Authorization
Description The Popup Anything – Popup for opt-ins and Lead Generation Conversions plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the popupaocrenderpopuppreview function in all versions up to, and including, 2.8.0. This makes it possible for...
Attesa Extra < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Attesa Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting
Description The Canva – Design beautiful blog graphics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'
Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Email Enumeration
Description The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspollcreateauthor function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to...
Wallet System for WooCommerce < 2.5.10 - Cross-Site Request Forgery
Description The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform a...
Aspose.Words Exporter <= 6.3.1 - Missing Authorization
Description The Aspose.Words – Import and Export word documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.1. This makes it possible for authenticated attackers, with subscriber-level access a...
Spotlight Social Media Feeds < 1.6.11 - Cross-Site Request Forgery
Description The Spotlight Social Media Feeds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.10. This is due to missing or incorrect nonce validation in the AuthCallbackListener class. This makes it possible for unauthenticated attackers to...
BA Book Everything < 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This...