14603 matches found
WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload
Description The plugin does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. PoC Make sure to have both WooCommerce and NinjaForms 3.4.34.2 NF's latest version on the 3.4 branch installed, then follow those...
Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
Description The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. PoC...
SendPulse Free Web Push < 1.3.2 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion
Description The plugin does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts. PoC Ensure the Elementor plugin is installed so that the Elementor Template functionality is enabled. curl -X POST...
History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. PoC 1 Navigate to Instagram Feed Settings Manage Sources, then cli...
User Registration < 3.0.4.2 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Install and activate this...
Sp*tify Play Button for WordPress <= 2.10 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP 6.3-6.3.1 - Contributor+ Stored XSS via Footnotes Block
Description WordPress does not escape some of its Footnotes block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP < 6.3.2 - Contributor+ Comment Disclosure
Description WordPress does not properly restrict comments to be accessed, allowing contributor to read comments on private and password protect posts they don't have access to...
GoodBarber < 1.0.24 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Publish Confirm Message < 2.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Blog Manager Light <= 1.20 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP < 6.3.2 - Subscriber+ Arbitrary Shortcode Execution
Description WordPress does not restrict which shortcode can be excuted via the parsemediashortcode AJAX action, allowing any authenticated user, such as subscriber to execute arbitrary shortcodes...
Gutenberg < 16.8.1 - Contributor+ Stored XSS
Description The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. PoC 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the...
Urvanov Syntax Highlighter < 2.8.34 - Highlighting Blocks Mgt via CSRF
Description The plugin does not have CSRF checks when managing highlighting blocks, which could allow attackers to make logged in admins update, create, duplicate and delete them via CSRF attacks...
WP < 6.3.2 - Unauthenticated Post Author Email Disclosure
Description WordPress does not properly restrict which user fields are searchable via the REST API. PoC from multiprocessing import Pool import requests import string import json import sys if lensys.argv != 2: printf'USAGE: sys.argv0 ' sys.exit url = sys.argv1.rstrip'/' + '/wp-json/wp/v2/users'...
Gutenberg < 16.8.1 - Contributor+ Stored XSS via Navigation Links Block
Description The plugin does not escape some of its Navigation block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP 5.6-6.3.1 - Contributor+ Stored XSS via Navigation Block
Description WordPress does not escape some of its Navigation block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP 5.6-6.3.1 - Reflected XSS via Application Password Requests
Description WordPress does not sanitise and escape the successurl and rejecturl parameters before outputting it back in the page when requesting application passwords, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP < 6.3.2 - Denial of Service via Cache Poisoning
Description A Denial of Service could occur via Cache Poisoning when the X-HTTP-Method-Override header is sent in a request to the REST API in an heavily cached configuration...
Keap Landing Pages <= 1.4.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Localize Remote Images <= 1.0.9 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Oxygen Builder < 4.4 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Responsive header image slider <= 3.2.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP Bing Map Pro < 5.0 - CSRF
Description Cross-Site Request Forgery CSRF vulnerability in dan009 WP Bing Map Pro plugin 5.0 versions...
Thumbnail Slider With Lightbox < 1.0.1 - Image Lightboxes via CSRF
Description The plugin does not have CSRF check when deleting image lightboxes, which could allow attackers to make logged in admins perform such action via a CSRF attack...
WP Power Stats <= 2.2.3 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Perelink Pro <= 2.1.4 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
DX-auto-save-images <= 1.4.0 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CLUEVO LMS, E-Learning Platform < 1.11.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Sign-up Sheets < 2.2.9 - Settings Update/Reset via CSRF
Description The plugin does not have CSRF check in place when updating and reseting its settings, which could allow attackers to make a logged in admin change and reset them via a CSRF attack...
WP iCal Availability <= 1.0.3 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Instagram for WordPress <= 2.1.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Interactive World Map <= 3.2.0 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Contact Form by Supsystic <= 1.7.27 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Simple Org Chart <= 2.3.4 - Unauthenticated Tree Settings Update
Description The plugin does not have authorisation when updating its Tree settings, which could allow unauthenticated attackers to change them...
Social Proof Testimonials and Reviews by Repuso < 5.02 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Backend Localization <= 2.1.10 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Disabler <= 3.0.3 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Instant CSS < 1.2.2 - Theme/CSS/Minify/Preprocessor Data Update via CSRF
Description The plugin does not have CSRF checks when updating its Theme, CSS, Minify and Preprocessor data, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
Mobile Address Bar Changer <= 3.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
AI Content Writing Assistant <= 1.1.5 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Hide Admin Notices < 2.3.3 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Category Meta <= 1.2.8 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Mail SMTP Pro < 3.8.1 - Unauthenticated Email Address Disclosure
Description The plugin does not have authorisation in the isprintpage function, allowing unauthenticated users to retrieve sensitive information such as email address...
Simple Org Chart <= 2.3.4 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
SB Child List <= 4.5 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP-FlyBox <= 6.46 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Site Protector <= 2.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
SIS Handball <= 1.0.45 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...