14603 matches found
Forminator < 1.24.4 - Reflected XSS
The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. PoC 1. Create a "Contact Us" form from the plugin presets 2. Click on the Message field, go to the "Settings" tab and choose a...
BigContact <= 1.5.8 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin = 1.5.8 versions...
HT Feed < 1.2.8 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in HasThemes HT Feed plugin = 1.2.7 versions...
Short URL < 1.6.5 - Admin+ Cross Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC In the plugin settings, add the POC to the...
Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject
The plugin does not adequately sanitize input or escape output for email subjects, resulting in potential for stored cross-site scripting...
Social Media Icons Widget <= 1.6 - Cross-Site Request Forgery
The plugin does not adequately protect against Cross-Site Request Forgery CSRF attacks...
Getnet Argentina para Woocommerce < 0.0.5 - Unauthenticated Authorization Bypass
The plugin does not perform adequate validation on the 'webhook' function, which can lead to an unauthenticated user changing their payment status to 'APPROVED' without making an actual payment...
WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery
The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...
WP Dummy Content Generator < 3.0.0 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
FluentSMTP < 2.2.5 - Unauthenticated Stored Cross-Site Scripting
The plugin does not adequately sanitize and escape input in the email subject, making it possible to inject arbitrary web scripts that execute when a user accesses the affected page...
ShopLentor < 2.6.3 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WPLMS < 4.900 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, making it susceptible to Cross-Site Request Forgery CSRF attacks...
Visibility Logic for Elementor < 2.3.5 - Cross-Site Request Forgery
The plugin does not properly validate requests using nonces, which makes it susceptible to Cross-Site Request Forgery attacks...
Media Library Helper by Codexin <= 1.2.0 - Cross-Site Request Forgery
The plugin does not properly validate requests using nonces, making it susceptible to Cross-Site Request Forgery CSRF attacks...
ARMember < 4.0.6 - ARMember Cross-Site Request Forgery
The plugin does not properly validate nonces in the armcheckusercap function, leading to a potential Cross-Site Request Forgery vulnerability. As a result, unauthenticated users can carry out actions without appropriate permissions, provided they manage to mislead a site administrator into clicki...
Classified Listing < 2.4.6 - Cross-Site Request Forgery
The plugin does not adequately verify requests using nonces, leading to a potential Cross-Site Request Forgery vulnerability...
WP Reroute Email < 1.5.0 - Unauthenticated Stored Cross-Site Scripting
The plugin does not properly sanitize and escape input in the email subject, leading to potential Stored Cross-Site Scripting issues. This flaw allows the injection of arbitrary web scripts that are executed whenever an injected page is accessed...
SMTP Mail <= 1.2.16 - Unauthenticated Stored Cross-Site Scripting
The plugin does not properly sanitize and escape input in email subjects when the 'Save Data SendMail' feature is enabled, leading to potential Stored Cross-Site Scripting issues...
WP Mail Log < 1.1.2 - Unauthenticated Stored Cross-Site Scripting
The plugin does not properly sanitize and escape email contents, leading to a potential Stored Cross-Site Scripting vulnerability. This issue allows for arbitrary web scripts to be injected into pages, which will execute when a user accesses an affected page...
Menubar < 5.9 - Cross-Site Request Forgery
The plugin does not properly implement anti-CSRF measures, potentially making it possible for unwanted actions to be performed in the user's session...
WP RSS Images <= 1.1 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, leading to a potential Cross-Site Request Forgery vulnerability...
WebwinkelKeur < 3.25 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in Albert Peschar WebwinkelKeur plugin = 3.24 versions...
Login/Signup Popup < 2.4 - Settings Reset via CSRF
The plugin does not have CSRF check when reseting its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=easy-login-woocommerce-settings=yes...
User Activity Log < 1.6.3 - Admin+ SQL Injection
The plugin does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin. PoC As an admin, visit either of the following URL's. Note that it takes several seconds f...
Waitlist Woocommerce < 2.5.3 - Settings Reset via CSRF
The plugin does not have CSRF check when reseting its Settings, which could allow attackers to make logged in admins perform such action via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=waitlist-woocommerce-settings=yes...
SP Project & Document Manager < 4.68 - Subscriber+ Insecure Direct Object References
The plugin allows direct access to objects, allowing an authenticated user with subscriber privileges or above, to bypass authorization and change user passwords and potentially take over administrator accounts...
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. PoC POST /register/ HTTP/1.1 Host: wpscan-vulnerability-test-bench.ddev.site...
Web3 – Crypto wallet Login & NFT token gating < 2.7.0 - Authentication Bypass
The plugin does not properly perform authentication in the 'hiddenformdata' function, allowing an unauthenticated user to log in as any existing user on the site, such as an administrator, if they have access to the username...
User Registration < 3.0.2 - Subscriber+ PHP Object Injection
The plugin does not properly sanitize the 'profile-pic-url' parameter, leading to a potential PHP Object Injection. This vulnerability stems from the deserialization of untrusted input, potentially enabling a malicious user with subscriber-level permissions to inject a PHP Object. The issue may...
Active Directory Integration / LDAP Integration < 4.1.6 - Sensitive Information Disclosure
The plugin will expose Sensitive Information due to insufficient sanitization of the supplied username value...
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.5 - Authentication Bypass
The improper credential validation on the plugin allows unauthenticated attackers to escalate privileges if administrator's emails is known...
Short URL < 1.6.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Salon Booking System < 8.4.8 - User Role change via CSRF
The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change its own user role to customer...
NOO Timetable <= 2.1.3 - Cross-Site Request Forgery
The plugin does not adequately verify incoming requests using nonces, leading to potential Cross-Site Request Forgery vulnerabilities...
LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References
The plugin does not correctly manage access to system resources, resulting in Insecure Direct Object References. As a result, users can bypass authorization checks, leading to unauthorized changes to user passwords, potentially compromising administrator accounts...
Quiz Expert – Easy Quiz Maker, Exam and Test Manager <= 1.5.0 - Cross-Site Request Forgery
The plugin does not adequately verify requests, leading to a Cross-Site Request Forgery CSRF vulnerability...
WP Abstracts <= 2.6.2 - Cross-Site Request Forgery
The plugin does not sufficiently verify requests use nonces, leading to a CSRF vulnerability...
WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update
The plugin does not properly restrict users from making a certain set of changes to other customers' orders. TODO: ADD link to Patchstack's post instead of H1 PoC Affected functions: createpaymentintentajax updatepaymentintentajax saveupeappearanceajax updateorderstatusajax updatefailedorderajax ...
Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored Cross-Site Scripting
The plugin is affected by an Unauthenticated Stored Cross-Site Scripting XSS vulnerability due to a lack of input sanitization and output escaping...
Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged-in admin open a page containing the HTML code below...
POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF
The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack. Note: The AJAX actions are also affected by SQL injections, making the issue PoC Make a logged in...
SimpleModal Contact Form (SMCF) <= 1.2.9 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Coupon Affiliates < 5.4.4 - Unauthenticated Reflected XSS
The plugin was vulnerable to Unauthenticated Reflected Cross-Site Scripting XSS via the 'wcucoupons' parameter...
Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Sending Emails via CSRF
The plugin does not implement nonce checks, which could allow attackers to make a logged-in admin send test emails with arbitrary content to users...
Order date time for WooCommerce < 3.0.20 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Connections Business Directory < 10.4.37 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
WooCommerce Pre-Orders < 2.0.2 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC When there is at least one pre-order, make a logged in admin open the URL below...
Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls
The vulnerability allows any Author leveled users to perform actions that only an administrator should be allowed to do e.g., sending unsolicited e-mail to users...
Direct checkout, Add to cart redirect for Woocommerce < 2.1.49 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
IFrame Shortcode <= 1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...