14602 matches found
Shareaholic < 9.7.12 - Missing Authorization via accept_terms_of_service
Description The Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'accepttermsofservice' function in all versions up to, and including, 9.7.11. This makes it...
Orbit Fox by ThemeIsle < 2.10.29 - Unauthenticated Connected API Keys Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function, allowing unauthenticated attackers to update the connected API keys...
WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes
Description The plugin is vulnerable to Insecure Direct Object References IDOR in postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises...
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploa...
DearFlip < 2.2.27 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via outline settings due to insufficient input sanitization and output escaping on user supplied data, allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that wi...
Ninja Forms Contact Form < 3.7.2 - Unauthenticated Second Order SQL Injection
Description The plugin is vulnerable to Second Order SQL Injection via the email address value submitted through forms due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks < 3.1.5 - PHP Object Injection via wopb_wishlist and wopb_compare
Description The ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.4 via deserialization of untrusted input from the 'wopbwishlist' and 'wopbcompare' cookies. This makes it possible for...
SiteOrigin Widgets Bundle < 1.58.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the code editor due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to perform Stored XSS attacks...
Starbox < 3.4.8 - Subscriber+ Plugin Preferences / User Settings Access via IDOR
Description The plugin is vulnerable to Insecure Direct Object Reference via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings...
Mang Board WP < 1.7.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Content Views < 3.6.3 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Getwid – Gutenberg Blocks < 2.0.5 - Captcha Bypass
Description The plugin is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array...
PDF Invoices & Packing Slips for WooCommerce < 3.7.6 - Shop Manager+ SQL Injection
Description The plugin is vulnerable to SQL Injection via the getnumbers function in all versions up to, and including, 3.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...
Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to
Description The Post views Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from’ and 'to' parameters in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
Description The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. PoC...
Orbit Fox by ThemeIsle < 2.10.28 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL...
MailerLite – WooCommerce integration < 2.0.9 - Missing Authorization via Multiple Functions
Description The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with subscriber-level...
Infogram <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Infogram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection
Description The pTypeConverter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.2.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers...
Ideal Interactive Map <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ideal Interactive Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure
Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set for example for Zoom PoC curl -X POST --data "eid=240"...
Quiz And Survey Master < 8.1.19 - Quiz Results Deletion via CSRF
Description The plugin does not have CSRF checks in some functions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete quiz results...
Local Delivery Drivers for WooCommerce < 1.9.1 - Missing Authorization to Driver Account Takeover
Description The Local Delivery Drivers for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'lddfweditdriverservice' function in all versions up to, and including, 1.9.0. This makes it possible for...
WooCommerce PDF Invoices < 4.3.0 - Shop Manager+ Arbitrary Options Update
Description The plugin does not have proper authorisation in its JSON import feature, which could allow Shop Manager and above roles to update arbitrary blog options...
FastDup < 2.1.8 - Sensitive Information Exposure via Log File
Description The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.7 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including...
Events Shortcodes & Templates For The Events Calendar < 2.3.2 - Authenticated (Contributor+) SQL Injection via shortcode
Description The Events Shortcodes & Templates For The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 2.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
WP Frontend Profile < 1.3.2 - Unauthenticated Privilege Escalation
Description The plugin is vulnerable to privilege, allowing unauthenticated attackers to take over arbitrary accounts on the site...
Orbit Fox Companion < 2.10.27 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields due to insufficient input sanitization and output escaping on user supplied values, allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in...
Active Products Tables for WooCommerce < 1.0.6.1 - Unauthenticated PHP Object Injection
Description The Active Products Tables for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is...
Uncode Core < 2.8.7 - Reflected Cross-Site Scripting
Description The uncode-core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
All-in-one Floating Contact Form < 2.1.4 - Unauthenticated Unauthorised Action
Description The plugin does not have authorisation check in a function, which could allow unauthenticated users to perform an unauthorised action...
Add Any Extension to Pages < 1.5 - Cross-Site Request Forgery via aaetp_options_page
Description The Add Any Extension to Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'aaetpoptionspage' function. This makes it possible for unauthenticated attackers to...
Crowdsignal Dashboard < 3.1.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Stylish Price List < 7.0.18 - Missing Authorization
Description The Stylish Price List plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on multiple functions in versions up to, and including, 7.0.17. This makes it possible for authenticated attackers, with contributor-level access a...
RegistrationMagic < 5.2.5.1 - Form Submission Limit Bypass
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to form submission limit bypass in all versions up to, and including, 5.2.5.0 due to insufficient protection logic. This makes it possible for unauthenticat...
AI Power: Complete AI Pack – Powered by GPT-4 < 1.8.3 - Missing Authorization to Sensitive Data Exposure
Description The AI Power: Complete AI Pack – Powered by GPT-4 plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgexportlogscallback function in all versions up to, and including, 1.8.2. This makes it possible for unauthenticated attackers to...
WooCommerce Stripe Payment Gateway < 7.6.2 - Unauthenticated Order Deletion via IDOR
Description The plugin doe snot properly check for ownership of completed/pending orders, allowing unauthenticated users to put such order in the trash and delete them...
MapPress Maps for WordPress < 2.88.14 - Contributor+ Stored XSS
Description The plugin does not sanitize and escape the Point of Interest Title and Description options in a map, allowing Contributor and above role to perform Stored Cross-Site Scripting attacks PoC As a contributor, add/edit a Map and search any location you want. Add XSS Payload on Location’s...
OMGF < 5.7.10 - Unauthenticated Directory Deletion & Stored XSS
Description The plugin is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used t...
FooGallery Premium < 2.4.6 - Contributor+ Stored XSS
Description The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors an...
FunnelKit Checkout < 3.11.0 - Subscriber+ Arbitrary Plugin Activation
Description The FunnelKit Checkout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 3.10.3. This makes it possible for authenticated attackers, with subscriber access and above, t...
Ultimate Addons for Beaver Builder < 1.35.14 - Contributor+ Arbitrary File Download
Description The Ultimate Addons for Beaver Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.35.13. This makes it possible for authenticated attackers, with Contributor access and above, to read the contents of a limited subset of arbitrary...
Piotnet Forms < 1.0.30 - Missing Authorization via multiple AJAX actions
Description The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX functions, allowing unauthenticated attackers to save draft posts and download arbitrary JSON files from the server...
Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC...
Booking Calendar WpDevArt < 3.2.12 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Ultimate Dashboard < 3.7.12 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
MW WP Form < 5.0.4 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion
Description The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete...
Image horizontal reel scroll slideshow < 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin
Description Any unauthenticated user may send e-mail from the site with any title or content to the admin PoC fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwidsendmail", "headers": "content-type": "application/x-www-form-urlencoded", , "body": "datasubject=Urgent WordPress update...
WP Photo Album Plus < 8.6.01.005 - IP Spoofing
Description The plugin does not properly check for IP addresses, allowing attackers to spoof IP addresses via headers and bypass the login protection offered by the plugin...