14602 matches found
Visual Website Collaboration, Feedback & Project Management – Atarim < 3.31 - Unauthenticated Stored Cross-Site Scripting
Description The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for...
Chauffeur Taxi Booking System for WordPress < 7.0 - Authentication Bypass
Description The Chauffeur Taxi Booking System for WordPress plugin for WordPress is vulnerable to authenticated bypass in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity. This makes it possible for unauthenticated attackers to perform...
UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation
Description The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthenticated account takeover in all versions up to, and including 5.1.8. This makes it possible for unauthenticated attackers to take over user accounts and gain highly privileged acces...
Responsive Owl Carousel for Elementor < 1.2.1 - Local File Inclusion
Description The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execut...
Responsive video embed < 0.5.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, create a...
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce < 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode
Description The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input...
The Events Calendar Free & Pro <= 6.4.0 - Contributor+ Missing Authorization to Authenticated Arbitrary Events Access
Description Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access of data due to a insufficient capability checks and restrictions on a function in various versions. This makes it possible for authenticated attackers, with Contributor-level access and above, to access...
Happy Addons for Elementor < 3.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplie...
Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access
Description The plugin allows you to display custom field values for any post via shortcode without checking for the correct access PoC 1. ADMIN: Install Advanced Custom Fields or ACF Pro 2. ADMIN: Create a new field group for posts and add a field to that 3. ADMIN: Fill in content for posts...
Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery
Description The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the uploadtolibrary AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to mak...
Download Manager < 3.2.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode
Description The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks PoC % time curl "https://example.com/?restroute=/h5vp/v1/video/1=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...
Simple Like Page Plugin < 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PopupAlly < 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The PopupAlly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Comparison Slider <= 1.0.5 - Cross-Site Request Forgery
Description The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to...
WPB Elementor Addons < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it...
Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode
Description The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization
Description The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.3 - Missing Authorization to Arbitrary Options Update
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for...
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.108 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field
Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user...
List categories < 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
HUSKY – Products Filter Professional for WooCommerce < 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment
Description The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodoaddcomment function. This makes it possible for unauthenticated attackers to add comments to to ...
Font Farsi <= 1.6.6 - Administrator+ Stored Cross-Site Scripting
Description The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget
Description The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied...
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.2 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes...
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 10.24 - Missing Authorization to Information Expsoure
Description The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it...
Fastly < 1.2.26 - Missing Authorization
Description The Fastly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 1.2.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()
Description The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodomanage function. This makes it possible for unauthenticated attackers to add new todo items via ...
Praison SEO WordPress <= 4.0.15 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Praison SEO WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
AffiEasy < 1.1.7 - Cross-Site Request Forgery to Various Actions
Description The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched...
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings
Description The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodosettings function. This makes it possible for unauthenticated attackers to modify the plugin's...
WP Next Post Navi <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP Next Post Navi plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to...
Comparison Slider <= 1.0.5 - Missing Authorization
Description The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to...
BookingPress < 1.0.83 - Missing Authorization to Appointment Time Alteration
Description The BookingPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 1.0.82. This makes it possible for unauthenticated attackers to alter the duration of appointments...
WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
Description The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Crafthemes Demo Import <= 3.3 - Missing Authorization to Arbitrary Plugin Installation
Description The Crafthemes Demo Import plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the ctctdiinstallplugin function in versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress < 2.9.4 - Administrator+ SQL Injection
Description The POST SMTP – The 1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user...
Tainacan < 0.21.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Tainacan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.21.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Tainacan < 0.21.4 - Unauthenticated Stored Cross-Site Scripting
Description The Tainacan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.21.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that wi...
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.20 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘ppanimatedgradientbgcolor’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and...
Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs
Description The Debug Log – Manger Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in...
Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Comparison Slider <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Essential Addons for Elementor < 5.9.22 - Contributor+ Stored Cross-Site Scripting via Twitter Feed
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and...
Testimonial Carousel For Elementor <= 10.2.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions ...
Download Monitor < 4.9.14 - Missing Authorization
Description The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin...
Gum Elementor Addon < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets
Description The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
Description The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level...
Simple Popup Manager <= 1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Simple Popup Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...