14602 matches found
Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip
Description The Coming soon and Maintenance mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.7.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for attackers to bypass the coming soon...
Broken Link Checker for YouTube <= 1.3 - Cross-Site Request Forgery via plugin_settings_page()
Description The Broken Link Checker for YouTube plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the pluginsettingspage function. This makes it possible for unauthenticated attackers to...
WP Crowdfunding < 2.1.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a campaign and for the...
Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.7.4 - Unauthenticated Arbitrary File Upload
Description The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated...
WooCommerce Canada Post Shipping < 2.8.4 - Cross-Site Request Forgery
Description The WooCommerce Canada Post Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke...
Theme My Login 2FA < 1.2 - Lack of Rate Limiting
Description The plugin does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. PoC https://packetstormsecurity.com/2309-exploits/wpmylogin-bruteforce.txt...
ProfilePress < 4.13.3 - Information Disclosure via Debug Log
Description The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system error...
Best Restaurant Menu by PriceListo <= 1.3.1 - Cross-Site Request Forgery via menu_page
Description The Best Restaurant Menu by PriceListo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the menupage function. This makes it possible for unauthenticated attackers to modif...
affiliate-toolkit – WordPress Affiliate Plugin < 3.4.0 - Open Redirect via atkpout.php
Description The affiliate-toolkit – WordPress Affiliate Plugin is vulnerable to Open Redirect in versions up to, and including, 3.3.9. This is due to insufficient validation on the redirect url supplied via the 'url' parameter in atkpout.php. This makes it possible for unauthenticated attackers t...
CodeBard's Patron Button and Widgets for Patreon < 2.2.0 - Cross-Site Request Forgery
Description The CodeBard's Patron Button and Widgets for Patreon plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.9. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated...
WP EXtra < 6.5 - Cross-Site Request Forgery ToolImport
Description The WP EXtra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. This is due to missing or incorrect nonce validation on the ToolImport function. This makes it possible for unauthenticated attackers to change plugin settings via a...
Jquery news ticker < 3.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Funnelforms Free < 3.4.2 - Missing Authorization to Category Deletion
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permission...
ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
DrawIt (draw.io) <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The DrawIt draw.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode
Description The Remote Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5 via the plugin's shortcode. This allows authenticated attackers with contributor-level privileges and above to include and execute arbitrary files on the serve...
Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Better RSS Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
WP ERP < 1.12.7 - Missing Authorization via admin notice dismissal
Description The WP ERP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notice dismissal function in versions up to, and including, 1.12.6. This makes it possible for authenticated attackers, with subscriber-level access a...
Freesoul Deactivate Plugins < 2.1.4 - Cross-Site Request Forgery via eos_dp_pro_delete_transient
Description The Freesoul Deactivate Plugins – Plugin manager and cleanup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 2.1.4 exclusive. This is due to missing or incorrect nonce validation on the eosdpprodeletetransient function. This makes it possible for...
File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal
Description The plugin does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites...
Additional Order Filters for WooCommerce < 1.12 - Reflected XSS
Description The plugin does not sanitise and escape the PHPSELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
Easy PayPal Shopping Cart < 1.1.11 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
MStore API < 4.0.7 - Subscriber+ SQLi
Description The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...
YOP Poll < 6.5.27 - Unauthenticated Vote Manipulation via Race Condition
Description The plugin is affected by a race condition, allowing unauthenticated users to vote multiple times on a poll even when it's configured to only allow one vote per person...
Webpushr < 4.35.0 - LFI via CSRF
Description The plugin does not have CSRF check in its wppsavesettings function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF...
Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC As an author, upload an SVG file with malicious JavaScript: Access the file through its URL to see XSS...
IdeaPush < 8.53 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Icons Font Loader < 1.1.2.1 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2...
Ads by datafeedr.com < 1.2.0 - Unauthenticated Remote Code Execution
Description The plugin does not adequately secure the 'dfadsajaxloadads' function, leading to a potential Remote Code Execution RCE vulnerability...
Grid Plus < 1.3.3 - Subscriber+ Grid Layout Creation/Deletion/Update
Description The plugin does not properly implement capability checks on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions, leading to unauthorized creation, deletion and update of grid layout by any authenticated users, such as subscriber...
Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...
FreshMail For WordPress <= 2.3.2 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion
Description The plugin does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts PoC Run the below command in the developer console of the web browser while...
AI ChatBot < 4.9.1 - Cross-Site Request Forgery (CSRF)
Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
Skype Legacy Buttons <= 3.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Get Custom Field Values < 4.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Stout Google Calendar <= 1.2.3 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Use Memcached <= 1.0.5 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Leadster < 1.1.3 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its Script Code setting, which could allow attackers to make a logged in admin change it via a CSRF attack...
SendPress Newsletters <= 1.23.11.6 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Futurio Extra < 1.9.1 - Arbitrary Plugin Activation via CSRF
Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins perform such action via a CSRF attack...
EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. PoC Insert '"Clickme! on the keyword search field or directly on the link...
E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping
Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC 1 Create a new template on...
Welcart e-Commerce < 2.8.22 - Author+ SQL Injection
Description The plugin does not properly sanitize and escape a parameter before using it in an SQL statement, leading to an SQL injection exploitable by users with a role as low as an author...
GD Security Headers < 1.7 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
Description The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. PoC This requires the plugin's Log Authentication Requests setting to be...
WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
Description The plugin does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. PoC...
Super Store Finder < 6.9.4 - Unauthenticated Email Creation/Sending
Description The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content...
wp tell a friend popup form <= 7.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...