14602 matches found
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.7.9 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of...
FV Flowplayer Video Player < 7.5.44.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
WPFunnels < 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible...
Smart Custom Fields < 5.0.0 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure
Description The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level acces...
Graphene < 2.9.3 - Unauthenticated Password Protected Post Access
Description The theme is vulnerable to unauthorized access of data via meta tag, allowing unauthenticated individuals to obtain post contents of password protected posts via the generated source...
Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
Backuply – Backup, Restore, Migrate and Clone < 1.2.8 - Admin+ Directory Traversal
Description The Backuply – Backup, Restore, Migrate and Clone plugin is vulnerable to Directory Traversal via the backupname parameter in the backuplydownloadbackup function...
Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget
Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carouselskin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possib...
HT Mega – Absolute Addons For Elementor < 2.4.5 - Contributor+ Stored Cross-Site Scripting via Post Carousel Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘bordertype’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget
Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...
Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget
Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...
Sky Addons for Elementor < 2.5.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL
Description The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to...
Tutor LMS – eLearning and online course solution < 2.6.2 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erasetutordata function. This makes it possible for...
LadiApp <= 4.4 - Missing Authorization via save_config()
Description The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveconfig function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update t...
Auto Affiliate Links < 6.4.3.1 - Missing Authorization via aalAddLink
Description The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or...
Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on us...
CM Download Manager < 2.9.0 - Download Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack PoC Make an admin open the URL below https://example.com/cmdownload/del/id/...
AI Engine < 2.2.1 - Unauthenticated Stored Cross-Site Scripting
Description The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output...
Download Manager < 3.2.86 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Avada | Website Builder For WordPress & WooCommerce < 7.11.5 - Authenticated (Contributor+) Arbitrary File Upload
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers,...
Configure SMTP <= 3.1 - Reflected Cross-Site Scripting
Description The Configure SMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
System Dashboard < 2.8.10 - XSS via Header Injection
Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks PoC X-Forwarded-For: 11.11.11.11...
postMash – custom post order <= 1.2.0 - Reflected Cross-Site Scripting via m
Description The postMash – custom post order plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘m’ parameter in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form
Description The Change Table Prefix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'changeprefixform' function. This makes it possible for unauthenticated attackers to toggle...
Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery
Description The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to modif...
Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update
Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attacker...
Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function, allowing authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially...
Ocean Extra < 2.2.5 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via custom fields due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesse...
My Calendar < 3.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization
Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it...
Microsoft Clarity < 0.9.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project ...
Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not prevent users with at least the contributor role from conducting Stored XSS attacks via the plugin's onClick Event functionality...
Sydney Toolbox < 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for...
MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update
Description The moveto plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, potentially leading to site...
Maspik – Spam blacklist < 0.10.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Maspik – Spam Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change
Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...
Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
Simple Page Access Restriction < 1.0.23 - Improper Access Control to Sensitive Information Exposure via REST API
Description The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in disableOptimization
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
BookIt <= 2.4.0 - Price Bypass
Description The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to Price Bypass in versions up to and including 2.4.0. This makes it possible for site owners to make use of premium plugin features without paying. Note that this does not meaningfully negatively...
WP-CFM < 1.7.9 - Cross-Site Request Forgery via multiple AJAX functions
Description The WP-CFM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.8. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to modify the plugin's setting...
BEAR < 1.1.4.1 - Missing Authorization via Several Functions
Description The BEAR plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the /ext/history/history.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access and...
PowerPack Pro for Elementor < 2.10.8 - Missing Authorization to Settings Reset
Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.10.6. This makes it possible for unauthenticated attackers to reset plugin settings...
W3SPEEDSTER < 7.20 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Dummy Content Generator < 3.1.3 - Missing Authorization
Description The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check son the wpdummycontentgeneratorDeletePosts and wpdummycontentgeneratorAjaxGenPosts functions in versions up to, and including, 3.1.2. This makes it...
Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
LearnDash LMS < 4.10.3 - Sensitive Information Exposure via API
Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions...
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API
Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes...
Avada < 7.11.2 - Contributor+ SSRF
Description The theme does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attacks...
Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting
Description The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for...