14603 matches found
WP Captcha <= 2.0.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Custom Post Template <= 1.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Easy Cookie Law <= 3.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Captcha <= 2.0.0 - Captcha Bypass
Description The plugin does not properly check the Captcha, allowing user to bypass it...
Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
AWP Classifieds < 4.3.1 - Categories Mgt via CSRF
Description The plugin does not have CSRF checks when managing categories such as deleting, updating etc, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
wpCentral <= 1.5.7 - Settings Update via CSRF
Description The plugin does not have CSRF checks when updating allowed IP addresses and reseting connection key, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
authLdap < 2.5.9 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP HTML Mail < 3.4.2 - Test Email Sending via CSRF
Description The plugin does not have CSRF check when sending test emails, which could allow attackers to make logged in admins perform such action via a CSRF attack...
MailMunch – Grow your Email List < 3.1.3 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WooCommerce Product Attachment < 2.2.0 - Checkout Attachements Update via CSRF
Description The plugin does not have CSRF check when saving checkout attachements, which could allow attackers to make logged in users perform such action via a CSRF attack...
Responsive Gallery Grid <= 2.3.10 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Mang Board WP <= 1.7.7 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
SendPress Newsletters <= 1.23.11.6 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Timthumb Scanner <= 1.54 - Scan Initialisation via CSRF
Description The plugin does not have CSRF check when starting a scan, which could allow attackers to make logged in admins perform such action via a CSRF attack...
WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
Description The plugin provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site...
EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. PoC Insert '"Clickme! on the keyword search field or directly on the link...
E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping
Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC 1 Create a new template on...
The Post Grid < 7.2.8 - Block CSS Update via CSRF
Description The plugin does not have CSRF check when updating its block CSS, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers
Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. PoC 1. Use a proxy such as BurpSuite to add the following header to all requests: X-Forwarded-For: 11.11.11.11 2. Create a...
Table of Contents Plus < 2309 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR
Description The plugin does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced PoC 1. Create a private folder that contains a file that you intend keep secret. 2. Add the plugin shortcode...
Post and Page Builder by BoldGrid < 1.24.2 - Editor Settings Update via CSRF
Description The plugin does not have CSRF check when updating the plugin's preferred editor settings, which could allow attackers to make logged in admin perform such action via a CSRF attack...
Update ands from Zip File <= 2.0.0 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
EventPrime < 3.2.0 - Booking Creation via CSRF
Description The plugin does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. PoC Create an Event, noting its ID. Add a ticket type to the Event the details don't matter. As a logged-in user, visit a page wi...
Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC 1. Create a new PopUp Box within the...
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
Description The plugin does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. PoC Make sure you have Elementor installed and a page or post edited with Elementor. Here's the python script that will execute the...
EventPrime < 3.2.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC POC 1 - Visit any of the following pages created by the plugin: - Event...
Optimize Database after Deleting Revisions <= 5.1 - Database Optimization via CSRF
Description The plugin does not have CSRF check when starting the database optimization process, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Fattura24 < 6.2.8 - Reflected Cross-Site Scripting
Description The plugin does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. PoC wp-admin/options-general.php?page=fatt-24-tax=12...
Login screen manager <= 3.5.2 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the...
Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
Description The plugin does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. PoC Once the site gets at least 25 conversions using the plugin, a notice will show up on the...
CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG
Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC As an author, upload an SVG with the payload: View the SVG and see the XSS...
FooGallery < 2.3.2 - Extensions Mgt via CSRF
Description The plugin does not have CSRF checks when activating/deactivating and downloading extensions, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. Po...
CP Blocks < 1.0.21 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Schedule Posts Calendar < 5.3 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Laposta Signup Basic < 1.4.2 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Newsletter Lite < 4.9.3 - Admin+ Command Injection
Description The plugin does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. PoC 1 Navigate to "Newsletters Configuration History & Emails Configuration"...
WooCommerce Dynamic Pricing and Discount Rules < 2.4.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Pipes < 1.4.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Taboola < 2.0.2 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Photo Gallery by Ays < 5.2.7 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
POEditor < 0.9.5 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Swifty Bar, sticky bar by WPGens < 1.2.11 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Contractor Contact Form Website to Workflow Tool < 4.1.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Jump Menu <= 3.6.4 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Email posts to subscribers <= 6.2 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Onclick Show Popup < 6.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Tiger Forms < 2.1.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...