14603 matches found
Page Builder by AZEXO <= 1.27.133 - Contributor+ Stored Cross-Site Scripting via shortcode
The plugin does not validate and escape the attributes of the azhpost shortcode before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins...
Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a user with the contributor role or higher to click a link. The plugin does not protect its settings page against CSRF attacks, allowing an...
Multiple plugins by vcita - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and the email field in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts in the plugin settings page, which could target high privilege users such as administrators. PoC...
Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions...
Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitize and escape the businessid parameter of an unprotected REST route endpoint before rendering it back in pages on the website, allowing an unauthenticated attacker to inject arbitrary web scripts, which could target authenticated users such as administrators. PoC curl...
CRM and Lead Management by vcita < 2.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the email and uid parameters in the plugin settings before rendering it on the page, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting high privilege users such as administrators. PoC...
Page Builder by AZEXO <= 1.27.133 - Subscriber+ Post Creation
The plugin does not properly authorize post creation in it's azhaddpost ajax action, allowing any authenticated users to create posts with any post type and status, even when that should not have this capability...
Contact Form and Calls To Action by vcita <= 2.7.1 - Settings Update Via CSRF
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions =a”alert2;...
Call Now Accessibility Button < 1.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WooCommerce Box Office < 1.1.51 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC tickets columns='111"...
VK Blocks < 1.58.0.0 - Contributor+ Settings Update via REST API
The plugin uses improper authorization for the REST API vk-blocks/v1/options/vkfontawesomeversion, allowing users with a role as low as contributor to change the vkfontawesomeversion option to an arbitrary value...
Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF)
The plugin does not protect the ajax actions azhaddpost, azhduplicatepost, azhupdatepost and azhremovepost against CSRF attacks, allowing an unauthenticated attacker to add, modify and delete posts by tricking a logged in user to submit a crafted request...
Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS
The plugin does not protect the ajax actions azhsave against CSRF attacks, allowing an unauthenticated attacker to modify posts by tricking a logged in user with rights to edit the post to submit a crafted request. Furthermore if the targeted user has a role of editor or above, arbitrary web...
Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings. PoC...
Multiple plugins by vcita - CSRF to Stored XSS in settings page
The plugin does not protect the live-site-parse-vcita-callback settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a logged in user with contributor role or higher to click a link. PoC...
Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.0 - Subscriber+ Denial of Service by account logout
The plugin does not validate authorization in the vcitalogout ajax action, allowing any logged in user with roles as low as subscriber to log the site out from the cvita account, causing a denial of service for the appointment scheduling functionality. PoC...
WooCommerce Box Office < 1.1.52 - Unauthenticated Ticket Barcode Update
The plugin does not have authorisation and CSRF when updating a ticket bar-code, allowing unauthenticated users to perform such action PoC curl https://example.com/wp-admin/admin-ajax.php -d "action=saveticketbarcodebarcodeimage=xxxbarcodetext=xxxxxid=86"...
Bookly < 21.8 - Admin+ Stored Cross-Site Scripting via service titles
The plugin does not sanitize and escape service titles in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...
Quick/Bulk Order Form for WooCommerce < 3.6.0 - Shop Manager+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. PoC 1. Add the following shortcode to ...
Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation
The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request. PoC POST...
AI-Engine < 1.6.83 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Go to Meow Apps » AI Engine » Chatbot tab »...
Blog-in-Blog <= 1.1.1 - Editor+ Local File Inclusion via Shortcode
The plugin does not validate a shortcode attribute before using it to include a template file, allowing users with an editor role or above to include arbitrary files readable by the web server, and execute them in case of php files...
Blog-in-Blog <= 1.1.1 - Editor+ Stored Cross-Site Scripting via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with an editor role or above to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins...
bbp style pack < 5.5.6 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Display post meta, term meta, comment meta, and user meta <= 0.4.1 - Contributor+ Stored Cross-Site Scripting
The plugin does not validate and escape post metadata before outputting it back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins...
Favorites < 2.3.3 - Contributor+ Stored Cross-Site Scripting via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins...
Nested Pages < 3.2.4 - Editor+ Plugin Settings Reset
The plugin does not properly authorize the npresetSettings ajax action, allowing users with an editor role or above to reset the plugin settings...
Feather Login Page < 1.1.2 - Missing Authorization to Non-Arbitrary User Deletion
The plugin does not check authorization when processing the ftlpp-ext-expirable-delete-user ajax action, which could allow users with roles as low as subscriber to delete temporary users generated by the plugin, furthermore it does not protect the action against CSRF attacks, allowing an...
CRM Perks Forms < 1.1.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the formid field in the plugin settings page, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...
Feather Login Page < 1.1.2 - Missing Authorization to Authentication Bypass and Privilege Escalation
The plugin lacks authorization checks in the ftlpp-ext-expirable-get-users ajax action, allowing logged in users with roles as low as subscriber to access the login links for the temporary users created by the plugin, which can be used for privilege escalation. PoC GET...
Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. PoC curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php"...
NextGen GalleryView <= 0.5.5 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Wordapp <= 1.5.0 - Authorization Bypass via Insufficiently Unique Cryptographic Signature
The plugin uses an insufficiently unique cryptographic signature in the wapdxopconfigset function, which could allow an unauthenticated attacker to change the validationtoken in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access UR...
Ultimate Member < 2.6.1 - Form Duplication via CSRF
The plugin does not have CSRF checks when duplicating a form, which could allow attackers to make logged in admins perform such actions via a CSRF attack...
Draw Attention < 2.0.12 - Subscriber+ Unauthorized Featured Image Modification
The plugin does not perform a capability check on the ajaxsetfeaturedimage function, allowing authenticated users with subscriber-level permissions to modify featured images of arbitrary posts using images from the media library...
Telegram Bot & Channel < 3.6.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection
The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
WP EasyCart < 5.4.9 - Multiple CSRFs
The plugin does not apply proper nonce validation routines in multiple AJAX requests, which makes it possible for attackers to trick an unsuspecting administrator into activating and deactivating products...
WP EasyCart < 5.4.9 - Product Deletion via CSRF
The plugin does not properly implement nonce validation on the processdeleteproduct function, leading to a Cross-Site Request Forgery vulnerability...
SlideOnline <= 1.2.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed once the issue...
QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC 1. Send GET /wp-admin/admin.php?page=querywall=datetimegmt=desc%2cselectfromselectsleep20a 2. See SQL execution...
IP Metaboxes <= 2.1.1 - Unauthenticated Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot PoC 1. Go to "Settings Language Settings ChatBot Keywords" 2...
Video Contest WordPress <= 3.2 - Cross-Site Request Forgery
The plugin does not adequately verify requests use nonces, leaving it susceptible to Cross-Site Request Forgery CSRF attacks...
This Day In History <= 3.10.1 - Unauthenticated Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Multiple inputs in the plugin's settings -- fo...
Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC Note: The...
Video Contest WordPress <= 3.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...