14602 matches found
WooCommerce Subscriptions < 2.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
An unauthenticated user could put XSS payload in their billing details when subscribing, which will then be executed in the admin dashboard when moused over...
SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection
Alex Peña from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete. PoC The PoC will be displayed once the issue has been remediated...
Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass
Due to the plugin not properly checking the file being uploaded via the dndcodedropzupload AJAX action, an attacker could bypass the checks in place and upload a PHP file. There was a working exploit provided along with this vulnerability. It also requires the Contact Form 7 plugin to be installe...
wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via User Agent
The plugin did not escape, validate or escape the User Agent header before outputting back in the page, leading to a reflected Cross-Site Scripting issue...
Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email. PoC...
Media Library Assistant < 2.82 - Authenticated Stored Cross-Site Scripting (XSS)
The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript...
Vanguard <= 2.1 - Multiple Cross-Site Scripting (XSS)
The plugin does not sanitise, validate or escape some of its parameters before outputting the back in various place, leading to either Stored or Reflected Cross-Site Scripting issues PoC Put the following payload in the In Products Search box: " POST /search HTTP/1.1 Accept:...
Search Meter < 2.13.3 - CSV Injection
A CSV Injection vulnerability was discovered in the Search Meter WordPress plugin. Version 2.13.2 and possibly earlier versions of the plugin was found to be affected. According to the reporter, the issue was reported to the plugin's author but they did not respond...
Easy Property Listings < 3.4 - Cross-Site Request Forgery (CSRF)
No details were provided...
Profile Builder and Profile Builder Pro < 3.1.1 - User Registration With Administrator Role
The plugin is affected by a broken authentication vulnerability, allowing unauthenticated users to register or edit their account and gain the Administrator role using the plugin's forms. The vulnerability only exists in the Plugin's own generated Registration Form or Profile Edit Form. This mean...
Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)
Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery CSRF attacks. PoC As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...
Ninja Forms < 3.4.23 - CSRF to Stored Cross-Site Scripting (XSS)
Authenticated Stored XSS vulnerabilities in recaptchasitekey, recaptchasecretkey, recaptchalang and dateformat keys, which can be performed via CSRF attacks...
Code Snippets < 2.14.0 - CSRF to RCE
This "flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site." PoC...
WPS Hide Login < 1.5.5 - Secret Login Page Disclosure
fixed a vulnerability in version 1.5.4.2 and below that could allow an attacker to find and access the secret login page...
TownHub < 1.0.6 - Multiple Vulnerabilities
Multiple vulnerabilities was discovered in the 'TownHub - Directory & Listing WordPress Theme', tested version — v1.0.2: - Unauthenticated XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27h, 2019 - Envato Contacted January 5th, 2020 - Envato Investigating January 6th, 2020 -...
Zoho CRM Lead Magnet Plugin - Authenticated Cross Site Scripting (XSS)
The version affected was version 1.6.9.1 The plugin was removed from the WordPress plugin directory on October 15th 2019...
ArForms < 4.0 - Unauthenticated Arbitrary File Deletion via Traversal
"arfdeletefile in arformcontroller.php allows unauthenticated users to delete an arbitrary file by supplying its full pathname" The vendor contacted the WPScan Team stating that the issue had been resolved in version 4.0...
Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart. PoC curl -i -s -k -X $'POST' \ -H...
Easy Fancybox < 1.8.18 - Authenticated Stored XSS
The Easy FancyBox WordPress plugin was affected by an Authenticated Stored XSS security vulnerability...
Search Exclude < 1.2.4 - Arbitrary Settings Change
Unauthenticated plugin settings change via admininit Authenticated plugin settings change via AJAX...
UserPro <= 4.9.34 - Unauthenticated Reflected XSS
Edit WPscanTeam: August 26th, 2019 - Envato Notified September 2nd, 2019 - v4.9.34 released, still vulnerable September 24th, 2019 - v4.9.35 and 4.9.35.1 released, fixing the issue PoC...
WooCommerce Address Book < 1.6.0 - CSRF
The WooCommerce Address Book WordPress plugin was affected by a CSRF security vulnerability...
WP Social Feed Gallery < 2.4.8 - CSRF & Missing Authorisation Checks
The lack of CSRF and Authorisations checks in some AJAX methods, such as qliggdismissnotice and qliggformitemdelete could allow attacker to perform unauthorised actions via actions when logged in as a low privilege user, or via CSRF attacks...
ND Booking < 2.5 - Unauthenticated Options Change
The Hotel Booking WordPress plugin was affected by an Unauthenticated Options Change security vulnerability...
Simple Link Directory < 7.3.5 - Cross-Site Scripting (XSS)
An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because eschtml is not called for the 'echo getthetitle' or 'echo $term-name' statement...
ACF Better Search <= 3.3.0 - Cross-Site Request Forgery (CSRF)
The ACF: Better Search WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...
WP Slimstat <= 4.8 - Unauthenticated Stored XSS from Visitors
This vulnerability allows a visitor to inject arbitrary JavasScript code on the plugin access log functionality, which is visible both on the plugin’s access log page and on the admin dashboard index—‚ the default page shown once you log in...
Ultimate Faqs < 1.8.22 - Cross-Site Scripting (XSS)
The Ultimate FAQ – WordPress Q Plugin WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Contact Form Builder <= 1.0.68 - CSRF to LFI
The WDContactFormBuilder WordPress plugin was affected by a CSRF to LFI security vulnerability...
WP Live Chat Support Pro < 8.0.07 - Unauthenticated RCE
The wp-live-chat-support-pro WordPress plugin was affected by an Unauthenticated RCE security vulnerability...
Give <= 2.3.0 - Cross-Site Scripting (XSS)
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Instagram Feed <= 1.11.3 - Unspecified Issues
The Smash Balloon Social Photo Feed WordPress plugin was affected by an Unspecified Issues security vulnerability...
WP Support Plus Responsive Ticket System < 9.1.2 - Stored XSS
The WP Support Plus Responsive Ticket System WordPress plugin was affected by a Stored XSS security vulnerability...
Gift Voucher <= 4.1.1 - Unauthenticated Blind SQL Injection
The wpgvdoajaxfronttemplate AJAX action both authenticated and unauthenticated, defined in the front.php does not sanitised, validate or escape the templateid parameter before using it in a SQL statement, leading to a SQL Injection issue. This has been present since at least 1.0.5 v4.1.0 tried to...
Gwolle Guestbook <= 2.5.3 - Cross-Site Scripting (XSS)
The Gwolle Guestbook WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Site Reviews <= 2.15.2 - Cross-Site Scripting (XSS)
The Site Reviews WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WP Google Map < 4.0.4 - XSS
The WP Google Map Plugin WordPress plugin was affected by a XSS security vulnerability...
Bbp Move Topics < 1.1.6 - Code Injection & CSRF
The bbPress Move Topics WordPress plugin was affected by a Code Injection & CSRF security vulnerability...
Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)
The Import any XML or CSV File to WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Super Socializer <= 7.10.6 - Authentication Bypass
You can log in to the site with any user if you know the user's email address. PoC // Steps: // Fill this 3 variable var url = 'http://my-site.com/wordpress/', //website url. Closing slash required email = '[email protected]', //The admin email address to exploit nonce = 'e86377d05a'; // View...
WP Support Plus Responsive Ticket System < 9.0.3 - Multiple Authenticated SQL Injection
The WP Support Plus Responsive Ticket System WordPress plugin was affected by a Multiple Authenticated SQL Injection security vulnerability...
NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
XSS in error message caused by alt and title image attributes...
Dark Mode <= 1.6 - Stored XSS
The Dark Mode WordPress plugin was affected by a Stored XSS security vulnerability...
SrbTransLatin <= 1.46 - Stored XSS & CSRF
The SrbTransLatin – Serbian Latinisation WordPress plugin was affected by a Stored XSS & CSRF security vulnerability...
Affiliate Ads for Clickbank Products <= 1.6 - Stored Cross-Site Scripting (XSS)
The Affiliate Ads for Clickbank Products WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...
UserPro <= 4.9.17 - Authentication Bypass
The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected. PoC 1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?upautolog=true to t...
Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)
The Import any XML or CSV File to WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WPHRM <= 1.0 - Authenticated SQL Injection
The vulnerability allows an employee users to inject SQL commands. PoC http://localhost/PATH/?hr-dashboard=user=message=viewmessage=inbox=SQL-23+union+select 1,2,3,4,5,SELECT+GROUPCONCATtablename+SEPARATOR+0x3c62723e+FROM+INFORMATIONSCHEMA.TABLES+WHERE+TABLESCHEMA=DATABASE,7,8--%20-...
Analytics Tracker < 1.1.1 - XSS
The Analytics Tracker WordPress plugin was affected by a XSS security vulnerability...
WP Custom Fields Search - Unauthenticated Reflected Cross-Site Scripting (XSS)
The WP Custom Fields Search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...