14602 matches found
EasyEvent <= 1.0.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Got to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID...
BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal
Description Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on the admininit hook. This makes it possible for unauthenticated attackers to dismiss notices via a forged request grant...
Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via title_tag
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will...
NewsXpress < 1.0.8 - Cross-Site Request Forgery to Notice Dismissal
Description The NewsXpress theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the dismissedhandler function. This makes it possible for unauthenticated attackers to dismiss notices via a...
Gutenverse < 1.9.1 - Contributor+ Stored XSS
Description The plugin does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below cod...
Responsive Lightbox < 2.4.7 - Information Disclosure
Description The plugin is vulnerable to unauthorized access due to a missing capability check on the galleryattributes function in versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with contributor-level access and above, to view post content they shouldn't...
GiveWP – Donation Plugin and Fundraising Platform < 3.7.0 - Contributor+ Stored Cross-Site Scripting via Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'giveform' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
ProfileGrid < 5.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.6 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...
Slideshow Gallery < 1.7.9 - Settings Reset via CSRF
Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
EmbedPress < 3.9.12 - Missing Authorization
Description The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the deletesourcedata and savesourcedata functions in versions up to, and including, 3.9.11. This makes it possible for unauthenticated attackers to modify data sources...
Media Library Folders < 8.1.9 - Authenticated (Author+) Directory Traversal
Description The Media Library Folders plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.1.8. This makes it possible for authenticated attackers, with author-level access and above, to read/access the contents of arbitrary files on the server, which...
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Salon Services Add New...
Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin or editor depending on plugin configuration to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Social Icons Widget & Block by WPZOOM < 4.2.16 - Missing Authorization
Description The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the zoomajaxsetpointertransient function in versions up to, and including, 4.2.15. This makes it possible for authenticated attackers, with...
CRM Perks Forms < 1.1.5 - Unauthenticated SQL Injection
Description The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacker...
Woocommerce Social Media Share Buttons <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting
Description The Woocommerce Social Media Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
WP Cost Estimation & Payment Forms Builder < 10.1.76 - Authenticated (Contributor+) SQL Injection
Description The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 10.1.75 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Paid Memberships Pro – Mailchimp Add On < 2.3.5 - Unauthenticated Information Disclosure
Description The Paid Memberships Pro – Mailchimp Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.4 via log files. This makes it possible for unauthenticated attackers to extract information from log files...
Brave Popup Builder < 0.6.6 - Unauthenticated Server-Side Request Forgery
Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.6.5. This makes it possible for unauthenticated attackers to make web requests to...
Contact Form 7 Newsletter <= 2.2 - Reflected Cross-Site Scripting
Description The Contact Form 7 Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
WPC Badge Management for WooCommerce < 2.4.1 - Missing Authorization
Description The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Events Manager < 6.4.7.2 - Cross-Site Request Forgery
Description The Events Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...
GS Testimonial Slider < 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The GS Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The OpenStreetMap for Gutenberg and WPBakery Page Builder formerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
Better Elementor Addons < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...
WPCS < 1.2.0.2 - Cross-Site Request Forgery
Description The WPCS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0.1. This is due to missing or incorrect nonce validation on the saveetalon function. This makes it possible for unauthenticated attackers to update the plugin's settings vi...
All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting
Description The All In One Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
IP Blocker Lite <= 11.1.1 - IP Spoofing
Description The LionScripts: IP Blocker Lite plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 11.1.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP Address and bypass blocklisting...
Klarna Payments for WooCommerce < 3.3.0 - Missing Authorization
Description The Klarna Payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the block content due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute...
Forminator < 1.29.1 - Reflected Cross-Site Scripting
Description The plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into...
Photo Gallery by Supsystic < 1.15.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Fancy Comments WordPress < 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Fancy Comments WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's facebookcommentsshortcode shortcode function in all versions up to, and including, 1.2.14 due to insufficient input sanitization and output escaping on user supplied...
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
Pods < 3.1 - Contributor+ SQLi
Description The plugin is vulnerable to SQL Injection via shortcode due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append...
Pocket News Generator <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "WP Staging Backup &...
WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness
Description The plugin is vulnerable to Sensitive Information Exposure via the use of insufficiently random snapshot names, allowing unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames...
coreActivity < 2.1 - Unauthenticated IP Spoofing
Description The plugin retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value PoC As unauthenticated: curl 'https://example.com/attacker' -H 'X-FORWARDED: 127.0.0.1' Then view the logs and note that the plugin...
WordPress Action Network 1.4.3 - Admin+ SQLi
Description The plugin is vulnerable to SQL Injection via the 'bulk-action' parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and...
Simple Ajax Chat < 20240216 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Check & Log Email < 1.0.10 - Unauthenticated Hook Injection
Description The plugin is vulnerable to Unauthenticated Hook Injection via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, a...
Advanced Access Manager < 6.9.21 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Blocksy Companion < 2.0.32 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing < 3.6.4 - Plugin Settings Update via CSRF
Description The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin'...
Page Builder: Pagelayer – Drag and Drop website builder < 1.8.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
WP Coder < 3.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The WP Coder – Powerful HTML, CSS, JS and PHP Injection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...