14603 matches found
Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting
Description The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Automatic Plugin < 3.93.0 Cross-Site Request Forgery
Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization
Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...
Popup Anything < 2.8.1 - Missing Authorization
Description The Popup Anything – Popup for opt-ins and Lead Generation Conversions plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the popupaocrenderpopuppreview function in all versions up to, and including, 2.8.0. This makes it possible for...
Attesa Extra < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Attesa Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting
Description The Canva – Design beautiful blog graphics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'
Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Email Enumeration
Description The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspollcreateauthor function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to...
Wallet System for WooCommerce < 2.5.10 - Cross-Site Request Forgery
Description The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform a...
Aspose.Words Exporter <= 6.3.1 - Missing Authorization
Description The Aspose.Words – Import and Export word documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.1. This makes it possible for authenticated attackers, with subscriber-level access a...
Spotlight Social Media Feeds < 1.6.11 - Cross-Site Request Forgery
Description The Spotlight Social Media Feeds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.10. This is due to missing or incorrect nonce validation in the AuthCallbackListener class. This makes it possible for unauthenticated attackers to...
Table & Contact Form 7 Database – Tablesome < 1.0.26 - Cross-Site Request Forgery
Description The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.25. This is due to missing or incorrect nonce validation on the publishtable function. This makes it possible for unauthenticated...
BA Book Everything < 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This...
WPZOOM Social Feed Widget & Block < 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion
Description The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoominstagramcleardata function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with...
eRoom – Zoom Meetings & Webinar < 1.4.19 - Missing Authorization to Information Exposure
Description The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post...
Email Subscribers & Newsletters < 5.7.14 - Missing Authorization
Description The Email Subscribers & Newsletters plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.7.13. This makes it possible for unauthenticated attackers to perform an unauthorized action...
AWP Classifieds < 4.3.2 - Missing Authorization
Description The AWP Classifieds plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...
WebinarPress < 1.33.10 - Reflected Cross-Site Scripting
Description The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.33.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Update
Description The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to update arbitrary WordPress settings...
Loan Repayment Calculator and Application Form < 2.9.5 - Cross-Site Request Forgery
Description The Loan Repayment Calculator and Application Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers ...
Profile Builder < 3.11.3 - Restricted Email Bypass
Description The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to restricted email domain bypass in all versions up to, and including, 3.11.2. This makes it possible for unauthenticated attackers to register with email...
Carousel Slider < 2.2.7 - Editor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the Slides Per View parameter in all versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files
Description The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated...
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce < 2.6.4 - Authenticated (Admin+) PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP...
Element Pack Elementor Addons < 5.3.3 - Contributor+ Stored XSS via Custom Gallery Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the image URL parameter of the Custom Gallery Widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web...
Photo Gallery by 10Web < 1.8.22 - Admin+ Stored XSS via SVG
Description The plugin is vulnerable to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute...
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message
Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output...
ShortPixel Adaptive Images < 3.8.3 - Missing Authorization in activate_ai_handler and deactivate_ai_handler
Description The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activateaihandler and deactivateaihandler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated...
Relevanssi – A Better Search < 4.22.2 - Missing Authorization to Unauthenticated Count Option Update
Description The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execu...
Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...
Wholesale For WooCommerce < 2.3.1 - Unauthenticated Information Exposure
Description The woocommerce-wholesale-pricing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Nelio Content < 3.2.1 - Authenticated (Contributor+) Server-Side Request Forgery
Description The Nelio Content – Best Editorial Calendar & Social Media Scheduling plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make web...
WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
Description The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. PoC 1. Log in as an administrator 2. Visit...
Falang multilanguage < 1.3.48 - Authenticated (Administrator+) SQL Injection
Description The Falang multilanguage plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.47 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization
Description The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.15.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfor...
Simple Revisions Delete < 1.5.4 - Cross-Site Request Forgery
Description The Simple Revisions Delete plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.3. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forg...
WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...
WP Hotel Booking < 2.0.9.3 - Missing Authorization
Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.0.9.2. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. PoC 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce...
SellKit < 1.8.3 - Authenticated (Subscriber+) Arbitrary File Download
Description The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.8.1. This is due to insufficient file validation in the handlefiledownload function. This mak...
collectchat < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The collectchat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Better Elementor Addons < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...
Portfolio Gallery – Image Gallery Plugin < 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WCFM – Frontend Manager for WooCommerce < 6.7.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.7.8 due to insufficient input sanitization and output escaping...
SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address
Description The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for...
Post Grid, Slider & Carousel Ultimate < 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Frontend Dashboard < 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Frontend Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Grid Shortcodes < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...