14603 matches found
EventON < 2.1.2 - Unauthenticated Event Access
The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. PoC https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownloadid=value...
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post. PoC...
Enable SVG Uploads <= 2.1.5 - Author+ Stored XSS via SVG
The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC 1. Upload a malicious SVG: 2. Add to post and view SVG to see XSS...
tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation
The plugin does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog. PoC To set the us...
PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add XSS payload to plugin's "Account API key" setting: ...
Greeklish-permalink <= 3.3 - Unauthenticated Post Slug Update
The plugin does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF. PoC 1. Create a post with the name "Νέα ανάρτηση"...
AN_GradeBook <= 5.0.1 - Admin+ XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. When adding a new course in the plugin...
MStore API < 3.9.8 - Unauthenticated Blind SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...
Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to...
Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new item in the plugin settings 2...
MojoPlug Slide Panel <= 1.1.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
EventPrime < 3.0.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Companion Sitemap Generator < 4.5.3 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Make a logged-in admin open: https://example.com/wp-admin/tools.php?page=csg-sitemap=...
Multiple Plugins - Cross-Site Scripting From Third-party Library
The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. PoC WP-Optimize - Reflected Cross-Site Scripting 1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image". 2...
HTTP Headers < 1.18.11 - Admin+ Remote Code Execution
This plugin allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. PoC --- HTTP Headers Advanced settings and set the "Location of .hh-htpasswd" field to its previous value this is only required on Apache-based servers in order to reset a rule in...
MStore API < 3.9.9 - Unauthenticated Privilege Escalation
The plugin does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features. PoC 1 Simulate the site has a valid Pro API key by running the following in WP...
Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the plugin's "Quick Start" field, add...
Call Now Accessibility Button < 1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Fields in the "Options" section of the...
WooCommerce Product Vendors < 2.1.79 - ShopManager+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as ShopManager PoC As ShopManager, open the URL below...
AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting
The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...
URL Shortify < 1.7.0 - Admin+ Cross Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to "URL Shortify Settings Links"...
Google Map Shortcode <= 3.1.2 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Template Debugger <= 3.1.2 - Cross-Site Request Forgery
The plugin does not adequately protect against Cross-Site Request Forgery CSRF attacks...
WP Backup Manager <= 1.13.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Unlimited Elements For Elementor < 1.5.67 - Contributor+ Arbitrary File Upload
The plugin does not validate files in its file manager feature, allowing users with a role of contributor and above to upload arbitrary files...
Recent Posts Slider <= 1.1 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...
LWS Tools < 2.4.2 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, making it vulnerable to Cross-Site Request Forgery CSRF attacks...
Galleria <= 1.0.3 - Cross-Site Request Forgery
The plugin does not properly verify requests use nonces, leading to a potential Cross-Site Request Forgery CSRF vulnerability...
Sermon'e – Sermons Online <= 1.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Seed Fonts 2.3.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
NextGen GalleryView <= 0.5.5 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Contact Form by WD <= 1.13.23 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. When editing a form, go to "Settings MySQL Mapping". 2. Click "Add a Query" 3. When mapping the form to the...
WP Affiliate Links <= 0.1.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Google XML Sitemap for Videos <= 2.6.1 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Flo Forms <= 1.0.40 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
MasterStudy LMS < 3.0.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
MasterStudy LMS < 3.0.9 - Subscriber+ Course Category Creation
The plugin does not have authorisation when creating category courses, allowing any authenticated users, such as subscriber to create arbitrary course category...
WooCommerce Stock Manager < 2.11.0 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, making it susceptible to Cross-Site Request Forgery CSRF attacks...
WordPress Contact Forms by Cimatti < 1.5.8 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WooCommerce Stripe Payment Gateway < 7.4.1 - Unauthenticated PII Disclosure via IDOR
The plugin does not ensure that the order details to be displayed belongs to the user making the request, allows unauthenticated users to access sensitive information about the reorder details such as first/last names, email and address PoC As unauthenticated, see the source of...
Booking and Rental Manager < 1.2.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Zephyr Project Manager < 3.3.94 - Plugin Data Deletion via CSRF
The plugin does not have CSRF check when deleting its data, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Password Protected < 2.6.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery
The plugin does not properly validate user requests, leading to a potential Cross-Site Request Forgery CSRF vulnerability...
Securimage-WP <= 3.6.16 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, leading to potential CSRF vulnerabilities...
MStore API < 3.9.7 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as Order Status Update, Order Title Update, Product Limit Update, Order Message Update, and Firebase Server Key Update...
Church Admin < 3.7.30 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
ARMember < 4.0.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Disable WordPress Update Notifications <= 2.3.3 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, leading to potential CSRF vulnerabilities...
YaySMTP < 2.4.6 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sufficiently sanitize and escape input from email contents, leading to the possibility of arbitrary web scripts injection in pages...