14602 matches found
iframe forms <= 1.0 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize and escape the 'iframe' shortcode. This leads to the possibility of stored Cross-Site Scripting where arbitrary web scripts can be injected into pages...
Ads by datafeedr.com < 1.2.0 - Unauthenticated Remote Code Execution
Description The plugin does not adequately secure the 'dfadsajaxloadads' function, leading to a potential Remote Code Execution RCE vulnerability...
Buzzsprout Podcasting < 1.8.5 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not adequately sanitize and escape user-supplied attributes in the 'buzzsprout' shortcode, which leads to a potential Stored Cross-Site Scripting vulnerability. This issue can result in the injection of arbitrary web scripts into pages, which are then executed when a...
LearnDash LMS < 4.5.3.1 - SQL Injection
Description The plugin does not properly neutralize special elements used in an SQL command, leading to potential SQL injection vulnerability...
Grid Plus < 1.3.3 - Subscriber+ Grid Layout Creation/Deletion/Update
Description The plugin does not properly implement capability checks on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions, leading to unauthorized creation, deletion and update of grid layout by any authenticated users, such as subscriber...
Zotpress < 7.3.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Google Maps made Simple <= 0.6 - Subscriber+ SQL Injection
Description The plugin does not properly escape user-supplied parameters nor adequately prepare its SQL queries within the plugin's shortcode...
Smart Online Order for Clover < 1.5.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
nsc theme <= 1.0 - Reflected Cross-Site Scripting
Description The theme does not sufficiently sanitize input or escape output, leading to potential Reflected Cross-Site Scripting via prototype pollution...
Post Meta Data Manager < 1.2.1 - Unauthenticated Data Deletion
Description The plugin does not perform proper capability checks on certain functions, leading to potential unauthorized modification of data. This could result in unauthenticated users being able to delete user, term, and post meta...
Groundhogg < 2.7.11.11 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Shortcode Menu <= 3.2 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize user input or escape output in the 'shortmenu' shortcode, leading to a Stored Cross-Site Scripting vulnerability. This issue allows authenticated users with contributor-level and above permissions to inject arbitrary web scripts into pages...
RSVPMarker < 10.6.7 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6...
Post Meta Data Manager < 1.2.1 - Subscriber+ Privilege Escalation
Description The plugin does not properly implement capability checks on certain functions, which results in potential unauthorized modification of data. As a result, authenticated users with subscriber-level permissions can potentially gain elevated privileges...
idbbee <= 1.0 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not adequately sanitize and escape user supplied attributes in the 'idbbee' shortcode. This can lead to injection of arbitrary web scripts that execute whenever a user accesses an injected page...
WC Captcha <= 1.5 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Contact Form to DB by BestWebSoft < 1.7.2 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft –...
WPPizza < 3.18.3 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC The "Translations" settings of the...
RSVPMarker < 9.9.4 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3...
10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
Description The plugin does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. PoC fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type":...
EventPrime < 3.3.6 - Booking Pricing Bypass
Description The plugin specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. PoC Create an Event, noting its ID. Add a ticket type to the Event, ensuring that the price is not zero. As a logged-in user, go through the process of paying...
Deeper Comments <= 2.1.1 - Subscriber+ Arbitrary Options Update
Description The plugin does not have authorisation in its updateoptions AJAX action, allowing any authenticated users, such as subscribers to update arbitrary blog options like defaultrole etc...
Add Shortcodes Actions And Filters < 2.10 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Contact Form Builder, Contact Widget <= 2.1.7 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect
Description The plugin does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect PoC Make a logged in user open https://example.com/wp-admin/admin-ajax.php?action=seraphaccelact=acceptEula=https%3A%2F%2Fwpscan.com...
Triberr <= 4.1.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Custom post types <= 5.0.0 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Archivist – Custom Archive Templates <= 1.7.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WooCommerce PDF Invoice Builder < 1.2.104 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Full Stripe Free <= 1.6.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CPT Shortcode Generator <= 1.0 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Lava Directory Manager <= 1.1.34 - Unauthenticated Stored XSS
Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
SALESmanago < 3.2.5 - Log Injection via Weak Authentication Token
Description The plugin uses a weak authentication toke for it's /wp-json/salesmanago/v1/callbackApiV3 API endpoint, allowing unauthenticated attackers to inject arbitrary content into the plugin logs...
Seraphinite Accelerator < 2.2.29 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...
Dropbox Folder Share <= 1.9.7 - Unauthenticated Remote Code Execution via LFI
Description The plugin does not validate the path and name of a file before including it, allowing unauthenticated visitors to include and execute arbitrary php files on the server, leading to remote code execution...
User Feedback < 1.0.10 - Unauthenticated Stored XSS
Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...
Soisy Pagamento Rateale <= 6.0.1 - Missing Authorization to Sensitive Information Exposure
Description The plugin does not properly validate authorization in calls to the parseRemoteRequest function allowing unauthenticated visitors with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information e.g., Name, Address, Email Address, and other order...
WP Knowledgebase <= 1.3.4 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Magic Embeds < 3.1.2 - Contributor+ Stored XSS via shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC v 3.1.1 - fbplugin video...
WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make an admin open an HTML page with the following HTML: See that the plugin's "Header Options Toolbar Options Title" has be...
Minimum Purchase for WooCommerce <= 2.0.0.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Article Analytics <= 1.0 - Unauthenticated SQL injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. PoC On a Wordpress blog using MySQL the following PoC allows to extract the hash of the...
Category SEO Meta Tags <= 2.5 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Add Custom Body Class <= 1.4.1 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly escape the addcustombodyclass parameter before outputting it to the page, allowing users with the role of contributor of higher to inject arbitrary web scripts potentially targeting higher privileged users...
Spider Facebook <= 1.0.15 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Popup Box < 3.7.9 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC 1 Create a new popup via /wp-admin/admin.php?page=ays-pb=add 2 Set its "Custom content...
Bonus for Woo < 5.8.3 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Make a logged in admin open one of the URL below...
Webmaster Tools <= 2.0 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...