14602 matches found
Nafeza Prayer Time <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SEOPress < 7.8 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. PoC As a contributor, create a new Post, at the bottom of the page put the following payload in the "SEO Title"...
Essential Real Estate <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'erepropertymap' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion
Description The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level...
Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting
Description The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the importlinkpages function in all versions up to, and including, 1.6.9. This makes it possible for...
tagDiv Composer < 4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode
Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PDF.js < 4.2.67 - Arbitrary JavaScript Execution
Description PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can...
Slider Revolution < 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes
Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes...
Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Shield Security – Smart Bot Blocking & Intrusion Prevention Security < 19.1.11 - Cross-Site Request Forgery
Description The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible fo...
Premium Addons for Elementor < 4.10.32 - Contributor+ DOM-Based Stored Cross-Site Scripting via Global Tooltip
Description The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CSSable Countdown <= 1.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
Description The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack PoC This PoC disables the User Registration widget. To do so, make a logged in admin open an HTML file containing:...
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
wpDataTables - Tables & Table Charts (Premium) < 6.4 - Missing Authorization to DataTable Access & Modification
Description The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdtajaxactions.php file in all versions up to, and including, 6.3.2. This makes it...
Premium Addons for Elementor < 4.10.32 - Missing Authorization to Information Disclosure
Description The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with...
Elements For Elementor < 2.2 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes
Description The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafterlayout' attribute of the beforeafter widget, the 'eventsgridlayout' attribute of the eventsgrid and list widgets, the 'marqueelayout'...
Popup Builder < 4.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS
Description The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on...
Content Blocks (Custom Post Widget) < 3.3.1 - Authenticated (Contributor+) Local File Inclusion via Shortcode
Description The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'contentblock' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inclu...
WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting PoC 1. On the login page, enter any username and for the password enter 2. As an admin, view the logs at:...
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make an admin open an HTML file containing:...
WP Logs Book <= 1.0.1 - Log Clearing via CSRF
Description The plugin does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack PoC Make an admin open an HTML file containing: Note: The 404 Error Logs can also be cleared by modifying the PoC...
QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval
Description The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for...
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
Master Slider - Responsive Touch Slider < 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass'...
CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
WordPress Infinite Scroll – Ajax Load More < 7.1.2 - Authenticated (Contributor+) Cross-Site Scripting
Description The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajaxloadmore shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Contact Form Manager < 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xyz-cfm-form shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Widget Bundle <= 2.0.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Enable the "Text Form" widget...
CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks PoC Codes:...
Content Blocks (Custom Post Widget) < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode
Description The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'contentblock' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC paypalbutton type="addtocart...
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
wpDataTables - Tables & Table Charts (Premium) < 6.3.2 - Unauthenticated SQL Injection
Description The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'idkey' parameter of the wdtdeletetablerow AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplie...
Google CSE <= 1.0.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
WP eMember < 10.3.9 - Reflected Cross-Site Scripting
Description The WooCommerce and WP eMember Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 10.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add the following shortcode ...
wpForo Forum < 2.3.4 - Authenticated (Contributor+) SQL Injection
Description The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Royal Elementor Addons and Templates < 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.1 - Missing Authorization to Privilege Escalation
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This...
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder < 2.5.52 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttononeid’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it...
Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users PoC On a site with the User Login/Registration widget active, have an unauthenticated user send...
Page Builder Gutenberg Blocks – CoBlocks < 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles
Description The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
Royal Elementor Addons and Templates < 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input...
Premium Addons for Elementor < 4.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget
Description The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Starter Templates — Elementor, WordPress & Beaver Builder Templates < 4.2.2 - Contributor+ Stored Cross-Site Scripting
Description The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes...
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
DethemeKit For Elementor < 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute
Description The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user...
Happy Addons for Elementor < 3.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...