14603 matches found
RSVPMarker < 10.6.7 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Snap Pixel <= 1.5.7 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Arya Multipurpose Pro <= 1.0.8 - Reflected XSS
Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Save as Image by Pdfcrowd < 2.16.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Collapse-O-Matic <= 1.8.5.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a Contributor user create a new post and add a shortcode containing the following payload: expand elwraptag="img...
Bridge Core < 3.1.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Happy Elementor Addons Pro < 2.8.1 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
RSVPMarker < 10.6.7 - Unauthenticated Stored XSS
Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
Vertical Marquee <= 7.2 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Search Analytics < 1.4.8 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
SureCart < 2.5.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
URL Shortener by MyThemeShop <= 1.0.17 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Simple Staff List < 2.2.4 - Editor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the editor role and above to perform Stored Cross-Site Scripting attacks...
Mortgage Calculator Estatik <= 2.0.7 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Easy Coming Soon <= 2.3 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Landing Page Builder < 1.5.1.3 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Simple URLs < 118 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Everest News Pro <= 1.1.7 - Reflected XSS
Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
93digital Typing Effect < 1.3.7 - Contributor+ Stored XSS
Description The plugin does not properly sanitize user input, leading to a potential Cross-Site Scripting XSS vulnerability...
WP VR < 8.3.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
GD Security Headers < 1.7 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Event Manager < 3.1.38 - Admin+ Stored XSS
Description The plugin does not adequately sanitize and escape input in the admin settings. This flaw could lead to stored cross-site scripting attacks, specifically in multi-site installations or where unfilteredhtml has been disabled...
Sermon'e – Sermons Online <= 1.0.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Slimstat Analytics < 5.0.9 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cookies by JM <= 1.0 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Save as PDF by Pdfcrowd < 2.16.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Order Delivery Date for WooCommerce < 3.20.1 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Travel Map <= 1.0.1 - Unauthenticated XSS
Description The plugin does not properly sanitize user inputs, leading to a Cross-Site Scripting XSS vulnerability...
Cookie Notice & Consent < 1.6.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
AcyMailing SMTP Newsletter < 8.6.3 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Stagtools < 2.3.8 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Poll Maker < 4.7.1 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Restrict < 2.2.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Options for Twenty Seventeen < 2.5.1 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize user-supplied input nor escape output for the 'social-links' shortcode. This leads to a Stored Cross-Site Scripting vulnerability, where an authenticated user with contributor-level permissions can inject arbitrary web scripts that execute wheneve...
WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF
Description The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request. PoC...
WoodMart < 7.2.5 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
Description The plugin does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. Version 0.3.11 changes the API endpoint to only be...
Active Directory Integration / LDAP Integration < 4.2 - Admin LDAP Passback
Description The plugin does not properly validate input when changing the LDAP server. This can result in the ability for authenticated administrators to alter the LDAP server and access the credentials of the original LDAP server...
Staff / Employee Business Directory for Active Directory < 1.3 - Admin LDAP Credentials Retrieval
Description The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with...
PeproDev CF7 Database < 1.8.0 - Unauthenticated Stored XSS
Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure
Description The plugin does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected posts are not affected by...
NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete
Description The plugin is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server. PoC 1. Create a Gallery called "My Gallery" and note its ID. 2. Run the following code...
iFolders < 1.5.1 - Admin+ XSS
Description Auth. admin+ Cross-Site Scripting XSS vulnerability in Avirtum iFolders plugin = 1.5.0 versions...
NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
Description The plugin is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server. PoC 1. Ensure your WordPress installation is using PHP version 7.4 or earlier. 2. Create a...
Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure
Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. PoC 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a...
User Activity Log Pro < 2.3.4 - IP Spoofing
Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. PoC 1. In User Activity Log Settings, enable the setting "Allow Ip Address of users to log." and save...
User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS
Description The plugin does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks. PoC As a Contributor+ create a new post and add one of the following shortcode. avatar user="admin"...
Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
Description The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. PoC This requires the plugin's Log Authentication Requests setting to be...
Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Settings Simple Posts...
WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...