14602 matches found
BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Bulk NoIndex & NoFollow Toolkit < 1.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Timely Booking Button <= 2.0.2 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
simple-download-button-shortcode <= 1.1.1 - Sensitive Data Disclosure
Description A vulnerability classified as problematic has been found in simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-buttondl.php of the component Download Handler. The manipulation of the argument file leads to information...
WP Discord Invite < 2.5.2 - Admin+ Stored Cross Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to the WP Discord Invite...
Google Map Shortcode <= 3.1.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
GTmetrix for WordPress < 0.4.8 - Arbitrary Post Deletion via CSRF
Description The plugin does not have CSRF check when deleting posts, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Saphali Woocommerce Lite < 1.9.0 - Settings Update/Reset via CSRF
Description The plugin does not have CSRF check in place when updating and reseting its settings, which could allow attackers to make a logged in admin change and reset them via a CSRF attack...
Update ands from Zip File <= 2.0.0 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
FooGallery < 2.3.2 - Extensions Mgt via CSRF
Description The plugin does not have CSRF checks when activating/deactivating and downloading extensions, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
Blocks <= 1.6.42 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Rescue Shortcodes <= 2.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP Event Manager < 3.1.38 - Admin+ Stored XSS
Description The plugin does not adequately sanitize and escape input in the admin settings. This flaw could lead to stored cross-site scripting attacks, specifically in multi-site installations or where unfilteredhtml has been disabled...
Cookie Notice & Consent < 1.6.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...
Post List With Featured Image <= 1.2.1 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CT Commerce <= 2.0.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Jupiter X Core Premium < 3.4.3 - Unauthenticated Privilege Escalation
Description The plugin does not properly validate users during the Facebook login process, allowing unauthenticated users to login as any user by knowing their email address...
Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin PoC 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within...
Herd Effects < 5.2.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC In the plugin settings, add a new...
WPPizza < 3.17.2 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Multiple Plugins from Inisev - Plugin Installation via CSRF
Description Multiple plugins from the Inisev vendor are lacking CSRF check in the handleinstallation function hooked to the inisevinstallation AJAX action, allowing unauthenticated attackers to make logged in admins install plugins from Inisev on the blog via a CSRF attack...
FiveStarPlugins Restaurant Menu and Food Ordering < 2.4.7 - Cross-Site Request Forgery
Description The plugin does not properly validate user-supplied input uses nonces, leading to a potential Cross-Site Request Forgery vulnerability...
WP PDF Generator < 1.2.3 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in wpexperts.Io WP PDF Generator plugin = 1.2.2 versions...
WooCommerce Order Barcodes < 1.6.5 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Order Barcodes plugin = 1.6.4 versions...
WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks PoC Make a logged in admin open an HTML pa...
Forminator < 1.24.4 - Reflected XSS
The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. PoC 1. Create a "Contact Us" form from the plugin presets 2. Click on the Message field, go to the "Settings" tab and choose a...
Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls
The vulnerability allows any Author leveled users to perform actions that only an administrator should be allowed to do e.g., sending unsolicited e-mail to users...
Direct checkout, Add to cart redirect for Woocommerce < 2.1.49 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
MStore API < 4.0.2 - Unauthenticated SQL Injection
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS
The plugin does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. PoC 1. Upload an SVG file with the following contents. 2. View the SVG file on the frontend and see the alerts...
MStore API < 3.9.8 - Unauthenticated SQL Injection
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
Mailtree Log Mail < 1.0.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not properly sanitize and escape the input received through the email subject, leading to potential Stored Cross-Site Scripting XSS. This can result in the execution of arbitrary web scripts whenever a user accesses a compromised page...
WooCommerce PayPal Payments < 2.0.5 - Merchant ID Details Update via CSRF
The plugin does not have CSRF checks when updating the merchant ID details, which could allow attackers to make logged in users update them via a CSRF attack...
Google Map Shortcode <= 3.1.2 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Flo Forms <= 1.0.40 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. PoC Make a logged-in admin a page with the code below: Note: Make sure in Client Portal the compan...
KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator PoC Make a logged in admin open...
Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: The plugin requires WPBakery Page...
Contact Form Entries < 1.3.1 - Contributor+ Stored XSS
The plugin does not sanitize and escape the vx-entries shortcode attributes before using them, which could allow a logged in user with roles as low as contributor to inject arbitrary web scripts into posts or pages...
Groundhogg <= 2.7.9.8 - Lack of Authorization for Non-Arbitrary File upload
The plugin fails to validate the destination contact for the file upload, allowing any Subscriber+ user to upload files to arbitrary contacts...
BP Social Connect < 1.6.2 - Authentication Bypass
The plugin does not properly verify the user through its Facebook login, which could allow attackers to login as any user knowing their email address...
WeSecur Security <= 1.2.1 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize and escape user input, leading to a stored XSS vulnerability...
Better Notifications for WP < 1.9.3 - Cross-Site Request Forgery (CSRF)
The plugin does not protect its handleactions function against CSRF attacks, allowing an unauthenticated attacker to enable or disable notifications by tricking a logged in administrator to submit a crafted request...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a pag...
WooCommerce Composite Products < 8.7.6 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC On a page where a Component Product is displayed, append...
Slimstat Analytics < 5.0.5 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
UserAgent-Spy <= 1.3.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...