14603 matches found
wSecure Lite <= 2.5 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
wp tell a friend popup form <= 7.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Client Portal : SuiteDash Direct Login <= 1.7.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
wpShopGermany – Protected Shops < 2.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WxSync <= 2.7.23 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
ShopConstruct <= 1.1.2 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Horizontal scrolling announcement for WordPress <= 9.2 Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
breadcrumb simple <= 1.3 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
AffiliateWP < 2.14.1 - Subscriber+ Arbitrary Plugin Activation
Description The theme does not have authorisation and CSRF when activating plugins via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary plugins...
WP Default Feature Image <= 1.0.1.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Post Affiliate Pro <= 1.26.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Exifography <= 1.3.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
nuajik CDN <= 0.1.0 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Login with phone number < 1.5.7 - User Password Change via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwpupdatepasswordaction' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted...
Simplr Registration Form Plus+ <= 2.4.5 - Subscriber+ Arbitrary User Password Change via IDOR
Description The plugin is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated...
Booster for WooCommerce < 7.1.1 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Booster for WooCommerce < 7.1.1 - Subscriber+ Sensitive Information Disclosure
Description The plugin is vulnerable to Information Disclosure via the 'wcjwpoption' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level...
BAN Users <= 1.5.3 - Subscriber+ Settings Update & Privilege Escalation via Missing Authorization
Description The plugin is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify t...
Leyka < 3.30.7.1 - Subscriber+ Sensitive Information Disclosure
Description The plugin is vulnerable to Sensitive Information Exposure via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more...
Stock Ticker < 3.23.4 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Art Decoration Shortcode <= 1.5.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Stock Ticker < 3.23.3 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Borderless < 1.4.9 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Crayon Syntax Highlighter <= 2.8.4 - Contributor+ Server Side Request Forgery
Description The plugin is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web applicati...
WooCommerce Beta Tester < 2.2.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Jetpack CRM < 5.5.1 - CRM Admin+ XSS
Description The plugin does not sanitise and escape the tax rate field and custom field placeholders, which could allow CRM Admin users to perform Cross-Site Scripting attacks against site Admins...
Jetpack CRM < 5.5.1 - Client+ XSS
Description The plugin does not sanitise and escape a client's phone number field, which could allow client users to perform Cross-Site Scripting attacks...
MapPress Maps for WordPress < 2.88.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WooCommerce < 8.1.1 - Shop Manager+ User Metadata Disclosure
Description The plugin returns all user metadata via an AJAX action, which could allow users with a role as low as Shop Manager to access an arbitrary user's metadata which could include tokens and other potentially sensitive data PoC As a shop manager or product vendor admin: Edit an order/creat...
Checkout Field Editor < 1.7.5 - Checkout Fields Update via CSRF
Description The plugin does not have CSRF check in place when updating checkout fields, which could allow attackers to make logged in users update them via a CSRF attack PoC...
Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection
Description The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...
Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS
Description The plugin does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators PoC As an unauthenticated user, submit a booking form such form can be added via the Booking Calendar Block on a...
WooCommerce Payments < 4.9.0 - Subscription Suspension/Activation via CSRF
Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack PoC Deactivate subscription with ID 53:...
File Manager Pro < 1.8 - Remote Code Execution via CSRF
Description The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. PoC As a Super Admin, run the following...
WooCommerce < 7.9 - Unauthenticated Sensitive Information Disclosure
Description The plugin does not properly apply CORS on some of its API endpoints, allowing attackers to leak customers PII information...
Socialdriver <= 2021 - Prototype Pollution to XSS
Description The theme has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting XSS attack. PoC Access the URL:...
WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF
Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack PoC Deactivate subscription with ID 53:...
Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries
Description The plugin does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin. PoC Add ...
Molongui < 4.6.20 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Simple Membership < 4.3.6 - Reflected XSS
Description The plugin does not sanitise and escape the listtype parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Kangu para WooCommerce < 2.2.10 - Reflected XSS
Description The plugin does not sanitise and escape the etiqueta parameters before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Categories Widget < 2.3 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Booking Package < 1.6.02 - Reflected XSS
Description The plugin does not sanitise and escape the mode parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Media Library Categories < 2.0.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Elastic Email Sender < 1.2.7 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Post List With Featured Image <= 1.2.1 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP 404 Auto Redirect to Similar Post <= 1.0.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Business Pro <= 1.10.4 - Reflected XSS
Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WooCommerce PDF Invoice Builder < 1.2.91 - Invoice Fields Creation via CSRF
Description The plugin does not have CSRF check when creating invoice fields, which could allow attackers to make logged in admin perform such action via a CSRF attack...
Flowpaper < 2.0.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...