14603 matches found
what3words Address Field < 4.0.0 - Admin+ Sensitive Information Disclosure
Description A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueuescripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. T...
T1 theme <= 19.0 - Open Redirect
Description The theme is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. PoC https://www.example.com/wp-content/themes/t1/page-templates/applyredirection.php?file=240317005410now=http://google.comjs=https://www.evil.com?...
Elementor < 3.5.5 - Iframe Injection
Description The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. PoC...
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin < 2.5.1 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WooCommerce Brands < 1.6.50 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Royal Elementor Addons < 1.3.71 - Unauthenticated API Key Disclosure
Description The plugin discloses the MailChimp API key in pages with the MailChimp block, allowing unauthenticated users to obtain such key...
ProfileGrid < 5.5.2 - Subscriber+ Unauthorized Data Modification
Description The plugin does not perform proper capability checks on the 'pmuploadcsv' function, enabling authenticated users with subscriber-level permissions or above to import new users and update existing ones...
ProfileGrid < 5.5.2 - Subscriber+ Arbitrary Option Update
Description The plugin does not implement an adequate capability check on the 'profilemagicchecksmtpconnection' function, making it possible for authenticated users with subscriber-level permissions or above to arbitrarily update the site options, leading to potential privilege escalation...
ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification
Description The plugin does not adequately check capabilities on the 'editgroup' handler, enabling authenticated users with group ownership to improperly update group options, including the 'associaterole' parameter, which sets the member's role...
Premmerce < 1.3.17 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
FiveStarPlugins Restaurant Menu and Food Ordering < 2.4.7 - Cross-Site Request Forgery
Description The plugin does not properly validate user-supplied input uses nonces, leading to a potential Cross-Site Request Forgery vulnerability...
Booking Calendar Contact Form < 1.2.41 - Unauthenticated Reflected Cross-Site Scripting
Description Unauth. Reflected Cross-Site Scripting XSS vulnerability in CodePeople Booking Calendar Contact Form plugin = 1.2.40 versions...
YARPP < 5.30.4 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize the 'className' parameter, leading to Stored Cross-Site Scripting. Insufficient input sanitization and output escaping make it possible for contributors to inject arbitrary web scripts into pages...
Recipe Maker For Your Food Blog from Zip Recipes < 8.0.8 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WooCommerce Ship to Multiple Addresses < 3.8.6 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
vSlider Multi Image Slider for WordPress <= 4.1.2 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS
Description The plugin does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Note: The issue was fixed in 1.14.15 but re-introduced in 1.14.16 PoC Make a...
Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
Description The plugin allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubelysendformdata AJAX action. PoC Execute the below command in the web developer console, on the blog homepage as an unauthenticated user, replacing domain by the domain of the blog:...
WPCode < 2.0.13.1 - Reflected XSS
Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wpcode"=2...
Inactive User Deleter < 1.60 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin = 1.59 versions...
Bubble Menu < 3.0.5 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Click on the "Add new" tab...
MultiParcels Shipping For WooCommerce < 1.14.15 - Subscriber+ SQLi
Description The plugin does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. Note WPScan: The issue was fixed in 1.14.13, however a better patch was done in 1.14.15 a...
Falang multilanguage < 1.3.40 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in Faboba Falang multilanguage for WordPress plugin = 1.3.39 versions...
Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS
Description The plugin does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a Contributor, create or edit a Quiz with the default theme and put the following payload in a question...
WP PDF Generator < 1.2.3 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in wpexperts.Io WP PDF Generator plugin = 1.2.2 versions...
Front End Users < 3.2.25 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...
WP Reroute Email < 1.4.8 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in Sajjad Hossain WP Reroute Email plugin = 1.4.6 versions...
WP Shopping Pages <= 1.14 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. PoC Make a logged in admin access a page with the following code:...
Album Gallery – WordPress Gallery < 1.5.0 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks either flawed or missing completely in when performing update actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion
Description The plugin does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment PoC Login as a subscriber an open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping=1 to delete the shipment wit...
WP Food Manager < 1.0.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Food manager Add Food"...
WooCommerce Order Barcodes < 1.6.5 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Order Barcodes plugin = 1.6.4 versions...
All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password
The plugin stores the password inside the database as plaintext allowing administrators to obtain access to user's passwords...
User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload Leading to RCE
The plugin does not validate the file types, and uses a hardcoded encryption key during the profile picture upload process. Authenticated users with minimal permissions, such as a subscriber, can thus upload arbitrary files, potentially leading to remote code execution...
Export and Import Users and Customers < 2.4.2 - Shop Manager+ Privilege Escalation
The plugin does not correctly implement a capability check on the 'hfupdatecustomer' function, which is triggered via an AJAX action. This omission allows users with shop manager-level permissions to modify data they should not have access to, such as changing user passwords and potentially gaini...
User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload
The plugin uses a static encryption key and does not validate the file path when renaming profile pictures, which could allow any authenticated users, such as subscriber, to upload arbitrary files such as PHP on the server...
Justin Klein WP Social AutoConnect < 4.6.2 - Cross-Site Request Forgery
The plugin does not use nonces to verify requests, making it vulnerable to Cross-Site Request Forgery CSRF attacks...
Replace Word <= 2.1 - Cross-Site Request Forgery
The plugin does not adequately verify requests using nonces, leading to a potential Cross-Site Request Forgery vulnerability...
WishSuite < 1.3.4 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in HasTheme WishSuite plugin = 1.3.3 versions...
Database Collation Fix < 1.2.8 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in Dave Jesch Database Collation Fix plugin = 1.2.7 versions...
Advanced Flat rate shipping Woocommerce < 1.6.4.6 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...
LWS Cleaner < 2.3.1 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in LWS Cleaner plugin = 2.3.0 versions...
Post SMTP < 2.5.8 - Unauthenticated Stored Cross-Site Scripting via Email Contents
The plugin does not sufficiently sanitize and escape email contents, which could lead to unauthenticated users injecting arbitrary web scripts that execute whenever a page is accessed...
Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery
The plugin does not properly implement anti-CSRF mechanisms, making it vulnerable to potential CSRF attacks...
WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks PoC Make a logged in admin open an HTML pa...
WooCommerce GoCardless Gateway < 2.5.7 - Unauthenticated Sensitive Information Disclosure
The plugin does not check user permissions before displaying sensitive information about an Order, leading to sensitive information disclosure as well as the ability for an unauthenticated user to cancel any guest's order...
Multiple Plugins from Addify - Multiple CSRF
The plugins have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions PoC addify-order-approval-woocommerce - To make a logged in admin approve the order with ID 103...
Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting
The plugin does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open one of the URL below...
WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack PoC Make a logged in admin open the URL below 42 being a pre-order to be canceled...
LMS by Masteriyo < 1.6.8 - Information Exposure
The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. PoC curl -i -s -k -X $'GET' \ -H $'Host: localhost:8000' -H $'sec-ch-ua: ' -H $'Accept:...