14602 matches found
UpdraftPlus: WordPress Backup & Migration < 1.23.11 - Google Drive Storage Update via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage...
wpDiscuz < 7.6.12 - Missing Authorization in AJAX Actions
Description The plugin is vulnerable to unauthorized use of functionality due to a missing capability check on functions corresponding to AJAX actions in versions up to, and including, 7.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view user...
wpDiscuz < 7.6.4 - Author+ IDOR
Description The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on a function...
wpDiscuz < 7.6.6 - Unauthenticated SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
1003 Mortgage Application < 1.80 - Improper Neutralization of Formula Elements in a CSV File
Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75...
wpDiscuz < 7.6.12 - Unauthenticated Stored XSS
Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
Kadence WooCommerce Email Designer < 1.5.12 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Export Users Data CSV < 2.2 - Improper Neutralization of Formula Elements in a CSV File
Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1...
wpDiscuz < 7.6.11 - Unauthenticated Content Injection
Description The plugin is vulnerable to Arbitrary Content Injection, making it possible for unauthenticated attackers to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing...
Posts and Users Stats < 1.1.4 - Improper Neutralization of Formula Elements in a CSV File
Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3...
wpDiscuz < 7.6.11 - Insufficient Authorization to Comment Submission on Deleted Posts
Description The plugin is vulnerable to unauthorized modification of data due to insufficient validation on the comment functionality, making it possible for unauthenticated attackers to leave comments on trashed posts...
WP Reroute Email < 1.4.8 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6...
Mmm Simple File List <= 2.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...
Coming Soon < 1.6.0 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a...
Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in amin open...
WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
Description This plugin is vulnerable to a local file inclusion via the path parameter. PoC Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary file path on the server, - "/etc/resolv.conf" - "/etc/hosts" - "../../../wp-config.php"...
Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update
Description The plugin is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. PoC As an Admin, open the Limit Login Attempts page in WP Admin and run the following code in the browser console: nonce =...
Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
Description The plugin does not escape the custom shipping phone field no the checkout form leading to XSS PoC 1 Install both WooCommerce and the plugin. 2 Set a WooCommerce shipping method, and the store's address to one that is in Vietnam. 3 Add product to cart, and proceed to checkout 4 Tick...
Webpushr < 4.35.0 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. PoC 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the...
MomentoPress for Momento360 < 1.0.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery
Description This plugin is vulnerable to server-side request forgery SSRF via the path parameter. PoC Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary URL http://example.com/latest/meta-data/iam/security-credentials/wpb-apps-prod-role the website...
Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing
Description The plugin does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. PoC Run the below command in the developer console of the web browser while being on the blog as a subscriber user...
WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update
Description The plugin does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded; charset=UTF-8", , "body":...
WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. This was partially fixed in version 1.4.4 but it still allowed XSS attacks from Admin users. PoC fetch"/wp-admin/admin-ajax.php",...
Security & Malware scan by CleanTalk < 2.121 - IP Spoofing
Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. PoC Send 5 invalid login requests and thus block the IP address. POST /wp-login.php HTTP/1.1 Host: localhost...
Icons Font Loader < 1.1.2.1 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2...
Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access
Description The plugin leaks password-protected post content to unauthenticated visitors in some meta tags PoC As unauthenticated, view the source of any password-protected post and see that the content of the post is disclosed in the og:description and twitter:description meta tags...
POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting
Description The plugin does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. PoC 1. Install Post SMTP in version Email Log 4. Click 'View' next to the first record. 5. The message is...
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
Description The plugin does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. PoC 1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating...
Feather Login Page < 1.1.4 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
Description The plugin contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of...
WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. PoC curl https://example.com -H 'X-Forwarded-For: ' Then, as a high-privileged user, visit...
Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import
Description The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them The issue was partially fixed in 2.20.29 only adding authorisation checks. CSRF checks were added in 2.20.32 PoC As an unauthenticated user,...
WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS
Description The plugin does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins PoC wget --header="X-Forwarded-For: " https://example.com -q -O- The XSS will be triggere...
Bookly < 22.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an admin user, visit the...
Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload
Description The plugin allows forum administrators, who may not be WordPress super-administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files e.g. .php, .phtml, potentially leading to remote code execution. PoC Any user who has the rights to modify t...
Ultimate Addons for WPBakery Page Builder < 3.19.15 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
FareHarbor < 3.6.8 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not adequately sanitize input or escape output on user-supplied attributes, leading to the possibility of Stored Cross-Site Scripting via shortcodes. This issue arises when authenticated users with contributor-level or higher permissions inject arbitrary web scripts in...
Your Journey theme <= 1.9.8 - Reflected Cross-Site Scripting via Prototype Pollution
Description The plugin does not properly sanitize input and escape output, resulting in a vulnerability to Reflected Cross-Site Scripting via prototype pollution. This could lead to the injection of arbitrary web scripts in pages that execute when a user is tricked into performing an action like...
Bellows Accordion Menu < 1.4.3 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not adequately sanitize user-supplied attributes in shortcodes, nor does it correctly escape output. This can lead to injection of arbitrary web scripts in pages by authenticated users with contributor-level permissions...
Grid Plus <= 1.3.4 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
HTML filter and csv-file search < 2.8 - Contributor+ Local File Inclusion
Description The plugin does not properly sanitize and validate the 'src' attribute of the 'csvsearch' shortcode, leading to a Local File Inclusion vulnerability...
Grid Plus < 1.3.4 - Subscriber+ Local File Inclusion
Description The plugin does not properly validate and sanitize shortcode attributes, leading to a Local File Inclusion vulnerability. This flaw could enable attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls, exposing sensitive data, or...
Live updates from Excel < 2.3.3 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize and escape user supplied attributes in the 'ipushpullpage' shortcode. This lack of sufficient input validation could potentially allow script injection...
Medialist < 1.4.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC medialist style='"...
Simple Shortcodes <= 1.0.20 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not sufficiently sanitize input or escape output on user-supplied attributes, resulting in a potential for Stored Cross-Site Scripting via shortcodes. This flaw makes it possible for users with contributor-level permissions or higher to inject arbitrary web scripts int...
Motors – Car Dealer & Classified Ads <= 1.4.6 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Winters theme <= 1.4.3 - Reflected Cross-Site Scripting via Prototype Pollution
Description The theme does not properly sanitize user inputs nor escape output, leading to a reflected Cross-Site Scripting vulnerability via prototype pollution...
WP Simple Galleries <= 1.34 - Contributor+ PHP Object Injection
Description The plugin does not properly handle deserialization of untrusted input from the 'wpsimplegallerygallery' post meta via 'wpsgallery' shortcode...
Carousel, Recent Post Slider and Banner Slider < 2.1 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not correctly sanitize and escape user-supplied attributes in the 'spicepostslider' shortcode. This oversight could lead to the injection of arbitrary web scripts into pages that will execute whenever accessed by a user...