14603 matches found
Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload
Description The plugin does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. PoC 1 Create a PHP file cmd.php with the contents 2 Go to https://example.com/wp-admin/admin.php?page=momediarestrict=privatedirectory 3 Then upload a fi...
DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting
Description The plugin does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form. PoC 1. Put javascript payload on html.cafe. const url = 'https://s…t/wp-admin/user-new.php'; fetchurl...
Slimstat Analytics < 5.0.10 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Product page shipping calculator for WooCommerce < 1.3.26 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Jupiter X Core Premium < 3.4.3 - Unauthenticated Privilege Escalation
Description The plugin does not properly validate users during the Facebook login process, allowing unauthenticated users to login as any user by knowing their email address...
Jupiter X Core Premium < 3.3.8 - Unauthenticated Arbitrary File Upload
Description The plugin does not validate files to be uploaded via the ravenformfrontend AJAX action available to unauthenticated users, allowing them to upload arbitrary files on the server...
Leyka < 3.30.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Note: The issue was reported to the...
Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC There are two fields affected by a...
Radio Station < 2.5.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Block Referer Spam < 1.1.9.5 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Easy Form by AYS < 1.2.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation
Description The plugin does not validate parameters supplied to the updatecoreuser function, which could allow users to register an account with any role such as administrator when registering via the registration form of the plugin ie the charitableregistration shortcode embed in a page/post...
Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin PoC 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within...
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. PoC 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...
Min Max Control < 4.6 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC...
FTP Access <= 1.0 - Subscriber+ Stored XSS
Description The plugin does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the setting...
Lock User Account < 1.0.4- Arbitrary Account Lock/Unlock via CSRF
Description The plugin does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack PoC Make a logged in admin open one of the links below, this will make them lock/unlock the user with ID...
WP Adminify < 3.1.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Several fields in the plugin are...
Herd Effects < 5.2.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC In the plugin settings, add a new...
Herd Effects < 5.2.4 - Effect Deletion via CSRF
Description The plugin does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=mwp-herd-effect=delete=1, this will make them delete the...
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. PoC 1. Add a new shortened link in the interface...
Plugins List < 2.5.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Docs < 2.0.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Advanced Category Template <= 0.1 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Photo Gallery by Ays < 5.1.4 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Comments Like Dislike < 1.2.0 - Subscriber+ Settings Reset
Description The plugin does not have authorisation when resetting its settings, allowing ay authenticated users, such as subscriber to reset them via the restoresettings function hooked to an AJAX action...
Stripe Payment < 3.8.0 - Unauthenticated WC Order Status Update
Description The plugin does not have authorisation in its ehcallbackhandler function, allowing unauthenticated users to update the status of arbitrary WooCommerce orders...
Logo Scheduler < 1.2.2 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Stock Sync for WooCommerce < 2.4.1 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WPPizza < 3.17.2 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
TP Education < 4.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
wpDataTables < 2.1.66 - Admin+ PHP Object Injection
Description The plugin does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin...
Modal Dialog < 3.5.15 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Extensions for Leaflet Map < 3.4.2 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Cab Grid < 1.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
tagDiv Composer < 4.2 - Admin+ Stored XSS
Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example i...
tagDiv Composer < 4.2 - Unauthenticated Stored XSS
Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...
WP Remote Users Sync < 1.2.13 - Subscriber+ SSRF
Description The plugin does not validate a parameter before making a request to it via the notifypingremote function, allowing any authenticated users, such as subscriber to perform SSRF attack...
Video Grid < 1.22 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
User Submitted Posts < 20230811 - Unauthenticated Stored XSS
Description The plugin does not sanitize and escape the user-submitted-content parameter, which could allow unauthenticated users to perform Stored XSS attacks...
Church Admin < 3.7.6 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Canto < 3.0.5 - Unauthenticated Remote File Inclusion
Description The Canto WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability...
Captcha Them All < 1.4 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Article Directory Redux <= 1.0.2 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Premium Packages - Sell Digital Products Securely < 5.7.5 - Subscriber+ Privilege Escalation
Description The plugin does not check users metadata to be updated, allowing any authenticated users, such as subscriber to set their role via the profilerole parameter when updating their profile...
Query Wrangler < 1.5.52 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
InfiniteWP Client < 1.12.1 - Unauthenticated Sensitive Information Exposure
Description The plugin exposes sensitive information to unauthenticated users...
External Videos <= 2.0.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Optima Express + MarketBoost IDX < 7.3.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Stock Exporter for WooCommerce < 1.2.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...